Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Windows: "The system has recovered from a serious error".


  • This topic is locked This topic is locked
21 replies to this topic

#1 willlig

willlig

  • Members
  • 401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:47 PM

Posted 17 November 2013 - 09:09 PM

After just starting the Netbook I got a Microsoft Windows message that said "The system has recovered from a serious error".
Error Codes;
BCCode : 24     BCP1 : 001902FE     BCP2 : F7CDA948     BCP3 : F7CDA644    
BCP4 : F765CAE8     OSVer : 5_1_2600     SP : 3_0     Product : 768_1

I clicked on a link for Technical Details and it showed these 2 lines:
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\WERc084.dir00\Mini101613-01.dmp
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\WERc084.dir00\sysdata.xml

 

I also clicked on "Send Error Report" to send to Microsoft, and the Microsoft website page that came up is copied below.  (The reason the copy is so long is because there are links on the page that you can click on for instructions on how to attempt various possible checks and when I copied the whole page into a Notepad, they expanded.)
I didn't see a blue screen when the computer was starting. Should I attempt this stuff or can you shed some light on this issue first? I have the Seagate external drive plugged in to this computer all the time (never unplugging it). Could it have something to do with that? Also, while all this was going on, a Microsoft Security Essentials window came up indicating it was running, even though it is not listed in Add or Remove Programs. I also haven't yet gotten around to removing extra copies of my music files from the C drive. Thanks.

 

Stop (blue screen) error caused by a device or driver
You received this message because a hardware device, its driver, or related software has caused a stop error, also called a blue screen error. This type of error means the computer has shut down abruptly to protect itself from potential data corruption or loss. In this case, we were unable to detect the specific device or driver that caused the problem.

The following troubleshooting steps might prevent the stop error from recurring. Try them in the order given. If one step does not solve the problem, then move on to the next one.

Steps to solve this problem
Download and install the latest updates and device drivers for your computer

Use Windows Update to check for and install updates:

Tap or click to go online to the Windows Update website

Note
If Microsoft Update is installed, you'll be taken to the Microsoft Update website.

Click Custom to check for available updates.

In the left pane, under Select by Type, click each of the following links to view all available updates:

High Priority

Software, Optional

Hardware, Optional

Select the updates you want, click Review and install updates, and then click Install Updates.

If you recently added a new hardware device to your computer, go online to the manufacturer's website to see if a driver update is available.

How do I find my computer manufacturer?

Click Start, click Run, type msinfo32, and then click OK. Your computer manufacturer is listed as the System Manufacturer in the right pane of the System Information window.

Tap or click to go online to see contact info for most computer manufacturers
If you recently added a new program to your computer, go online to the manufacturer's website to see if an update is available.

Scan your computer for viruses

Many blue screen errors can be caused by computer viruses or other types of malicious software.

If you have an antivirus program installed on your computer, make sure it is up to date with the latest antivirus definitions and perform a complete scan of your system. Check your antivirus product's website for information on getting the latest updates.

If you do not have antivirus software installed on your computer, we recommend using a web-based scanner to check your computer for malware. Many of the top antivirus software providers offer this service free of charge on their websites.

To see a list of Microsoft and third-party providers of antispyware, anti-malware, and antivirus software, go online to the following website:

Security software: Downloads and trials
To see a list of antivirus software vendors, go online to the following Knowledge Base article:

List of antivirus software vendors
 Tip
Consider scanning your computer using more than one web-based antivirus scanner, even if you have an antivirus program installed on your computer. This will help make sure that you are using the most up-to-date antivirus definitions and allows you to benefit from the different strengths of each antivirus software manufacturer. If you do run multiple antivirus products, make sure you run only one product at a time. Running multiple antivirus products simultaneously can produce incorrect results.

Check your hard disk for errors

You can help solve some computer problems and improve the performance of your computer by making sure that your hard drive has no errors.

Tap or click Start, and then tap or click My Computer.

Press and hold or right-click the hard drive that you want to check, and then tap or click Properties.

Tap or click the Tools tab, and then, under Error-checking, tap or click Check Now.

To automatically repair problems with files and folders that the scan detects, select Automatically fix file system errors. Otherwise, the disk check will report problems but not fix them.

To perform a thorough disk check, select Scan for and attempt recovery of bad sectors. This scan attempts to find and repair physical errors on the hard drive itself, and it can take much longer to complete.

To check for both file errors and physical errors, select both Automatically fix file system errors and Scan for and attempt recovery of bad sectors.

Tap or click Start.

Depending upon the size of your hard drive, this might take several minutes or longer. For best results, don't use your computer for any other tasks while it's checking for errors.

Note
If you select Automatically fix file system errors for a disk that is in use (for example, the partition that contains Windows), you'll be prompted to reschedule the disk check for the next time you restart your computer.

For more information, go online to read the following article:

How to perform disk error checking in Windows XP
Steps to work around this problem
Warning
These steps are designed to address a particular problem but might do so by temporarily disabling or removing some functionality on your computer.

Remove any new hardware or software to isolate the cause of the blue screen

If you received the blue screen error after adding a new hardware device or program, and downloading updates didn't solve the problem, try removing the device or program and restarting Windows. If removing the new device or program allows Windows to start without the error, contact the device or program's manufacturer to get product updates or to learn about any known issues with the device or program.

Restore your computer to an earlier state

If the blue screen error occurred after installing a system or program update, consider using the System Restore feature to remove the changes. System Restore uses "restore points" that have been saved on your computer to return your system to a point in time before the problem began. This won't fix the problem, but it can make your computer work again.

Do one of the following:

If Windows doesn't start:

Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.

Use your arrow keys to select Safe Mode with Command Prompt, and then press ENTER.

For more information about safe mode start up options, go online to read an article in the Microsoft Knowledge Base:

Click to read KB315222
If you are prompted to select a version of Windows, select the correct version, and then press ENTER.

Log on to the computer using the Administrator account or an account that has administrator credentials.

Type the following command at a command prompt, and then press ENTER:

[systemroot]\system32\restore\rstrui.exe

(Where [systemroot] is the drive and directory where your Windows system files are located -- for example, "C:\Windows")

Follow the instructions that appear on the screen to restore the computer to an earlier state.

Or, if Windows starts:

Log on to Windows using an administrator account.

Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

On the Welcome to System Restore page, select Restore my computer to an earlier time, and then click Next.

On the Select a Restore Point page, click the most recent system checkpoint in the On this list, click a restore point list, and then click Next. You might receive a message that lists configuration changes that System Restore will make. Review this list, and then click OK.

On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows configuration, and then restarts the computer.

Log on to the computer as an administrator.

When the System Restore Restoration Complete page appears, click OK.
   



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:47 PM

Posted 22 November 2013 - 09:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514564 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 willlig

willlig
  • Topic Starter

  • Members
  • 401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:47 PM

Posted 24 November 2013 - 07:24 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/28/2008 3:49:39 AM
System Uptime: 11/24/2013 6:30:08 PM (1 hours ago)
.
Motherboard: Acer |  |            
Processor:          Intel® Atom™ CPU N270   @ 1.60GHz |  | 1596/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 1.062 GiB free.
D: is FIXED (NTFS) - 931 GiB total, 856.458 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP191: 10/17/2013 9:23:04 PM - System Checkpoint
RP192: 10/19/2013 2:46:05 PM - System Checkpoint
RP193: 10/21/2013 8:50:05 PM - System Checkpoint
RP194: 10/22/2013 10:28:09 PM - avast! antivirus system restore point
RP195: 10/23/2013 11:46:43 PM - System Checkpoint
RP196: 10/26/2013 5:41:43 PM - System Checkpoint
RP197: 10/27/2013 8:45:41 PM - System Checkpoint
RP198: 10/30/2013 7:18:53 PM - System Checkpoint
RP199: 10/30/2013 11:45:37 PM - Installed iTunes
RP200: 11/6/2013 10:51:48 PM - System Checkpoint
RP201: 11/8/2013 8:39:23 PM - System Checkpoint
RP202: 11/10/2013 8:00:12 PM - Installed Safari
RP203: 11/10/2013 8:01:21 PM - Removed Safari
RP204: 11/17/2013 9:53:03 PM - System Checkpoint
RP205: 11/18/2013 7:02:50 PM - Software Distribution Service 3.0
RP206: 11/22/2013 11:24:59 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam
Acer Crystal Eye Webcam 1.0.1.3
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
avast! Free Antivirus
AVG SafeGuard toolbar
Bonjour
Flash Player Pro V5.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 3
Inbox Toolbar
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
iTunes
JMicron JMB38X Flash Media Controller
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Carioca Rummy
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 8.1
Microsoft IntelliType Pro 5.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Open It!
Paragon HFS+ for Windows™ 9.1
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 4.2
Synaptics Pointing Device Driver
SySaver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Zip Opener
VCRedistSetup
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WiseFixer 3.2
Zip Opener Packages
.
==== Event Viewer Messages From Past Week ========
.
11/18/2013 11:00:01 PM, error: System Error [1003]  - Error code 00000077, parameter1 00000001, parameter2 74c0850c, parameter3 00000000, parameter4 a97c4cbc.
11/17/2013 7:54:51 PM, error: System Error [1003]  - Error code 00000024, parameter1 001902fe, parameter2 f7cda948, parameter3 f7cda644, parameter4 f765cae8.
.
==== End Of File ===========================
 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dorinne at 19:19:18 on 2013-11-24
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1012.397 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375839964390
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1873E8E3-60C0-460E-8A19-618EC259D48B} : DHCPNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 apmwin;apmwin;c:\windows\system32\drivers\apmwin.sys [2013-10-17 42448]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-10-22 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-10-22 178304]
R0 gpt_loader;GUID Partition table support driver;c:\windows\system32\drivers\gpt_loader.sys [2013-10-17 44624]
R0 mounthlp;Mounter helper driver for HFS+ volumes;c:\windows\system32\drivers\mounthlp.sys [2013-10-17 33488]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-22 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-10-22 403440]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-8-26 37664]
R2 apmwinsrv;Paragon APM service;c:\program files\paragon software\hfs+ for windows  9.1\apmwinsrv.exe [2013-7-26 64720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-22 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-22 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-22 50344]
R2 HfsplusRec;HfsplusRec;c:\windows\system32\drivers\hfsplusrec.sys [2013-10-17 14544]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-1-7 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.8.13\ccSvcHst.exe [2011-1-7 126392]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-17 1734680]
R3 Hfsplus;Hfsplus;c:\windows\system32\drivers\hfsplus.sys [2013-10-17 169168]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 254976]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-7 45464]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-28 96856]
.
=============== Created Last 30 ================
.
2013-11-18 00:56:28 -------- d-----w- c:\windows\system32\cache
2013-10-31 03:49:10 -------- d-----w- c:\program files\iPod
2013-10-31 03:48:56 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 23:27:50 -------- d-----w- c:\documents and settings\dorinne\application data\Malwarebytes
2013-10-27 03:10:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-27 03:10:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-27 03:10:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-11-19 04:03:54 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 04:03:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-18 00:55:32 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-23 02:28:47 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-23 02:28:47 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-23 02:28:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-23 02:28:47 43152 ----a-w- c:\windows\avastSS.scr
2013-10-23 02:28:47 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:20:30.07 ===============
 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:47 PM

Posted 03 December 2013 - 04:33 PM

Greetings Will and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

We meet again my friend. :)

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Could you please update me on the status of your computer. Following that I will post some steps for you to take.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 willlig

willlig
  • Topic Starter

  • Members
  • 401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:47 PM

Posted 05 December 2013 - 07:45 PM

Hello Gary and thanks. Good to hear from you again. Sorry for the long post. I should have zipped one of them. Oops.

I haven't gotten that error message since I got it twice on that same day (Nov 17) but the computer now has issues starting up. When I press the power button the usual whirring sound only lasts for a second then goes silent for 5-10 seconds, then starts whirring again for a few seconds, then goes silent for several seconds, then finally starts up. I think I recall we installed the latest version of Adobe Reader just before it started to do this but that may just be coincidence. Aside from that, my observations are 1. the Seagate external drive remains plugged into the computer at all times (does not get unplugged) and 2. there is a lot of stuff on the computer (programs on the Desktop, music files). Although even with the stuff mentioned in these 2 points being on the computer, It didn't have the start up issue before installing the Adobe Reader latest version.


Edited by willlig, 05 December 2013 - 07:48 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:47 PM

Posted 05 December 2013 - 08:55 PM

There should be a hard drive light that flickers as your computer is booting up. Does that seem to stall during the start up process. What you are describing in not necessarily out of the ordinary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 willlig

willlig
  • Topic Starter

  • Members
  • 401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:47 PM

Posted 05 December 2013 - 09:51 PM

It does stall a couple of times for a second or two. I guess I will just live with it. It's just that it's different than it was and as it seems like it's stopping and starting I feel like one time it might not start and give the error again. At least I know which option to choose if I get the message again. I just like to know what it is that changes and makes a compter behave differently, so that I could maybe prevent things from happening again. The computer does seem to be a bit slower now. 



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:47 PM

Posted 05 December 2013 - 10:45 PM

Let's run this report just to take a look.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Farbar reports (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:47 PM

Posted 09 December 2013 - 11:11 AM

Hi Will,

You still with me?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 willlig

willlig
  • Topic Starter

  • Members
  • 401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:47 PM

Posted 09 December 2013 - 06:29 PM

Yes, thanks. I was in Vermont from Friday to Sunday. Here are the 2 logs.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by Dorinne (administrator) on DWCACER on 09-12-2013 18:24:47
Running from C:\Documents and Settings\Dorinne\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
() C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\type32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor Corp.) C:\Documents and Settings\Dorinne\Local Settings\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LaunchApp] - Alaunch
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1044480 2008-04-24] (Synaptics, Inc.)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [M3000Mnt] - Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-05-13] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [425984 2008-05-22] (Acer Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2420248 2013-11-17] ()
HKLM\...\Run: [type32] - C:\Program Files\Microsoft IntelliType Pro\type32.exe [172032 2004-06-03] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-22] (AVAST Software)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\08b52326-db1e-4d1a-b8da-e1b40b3fcda0.exe [180184 2013-11-26] (AVAST Software)
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\WINDOWS\ACER\run_NB.exe [ 2007-07-23] ()
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5DCB1D32-7807-484C-8AF1-323FC76DA9AF}&mid=Unknown&lang=en&ds=co011&pr=sa&d=2013-09-05 21:52:30&v=15.6.1.2&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (AVG SafeGuard) - C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.1.2.1\avg.crx

========================== Services (Whitelisted) =================

R2 apmwinsrv; C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe [64720 2013-07-26] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-22] (AVAST Software)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [123320 2013-08-31] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll [132984 2009-08-29] (Symantec Corporation)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
R2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-17] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [42448 2013-07-26] (Paragon Software Group)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1312576 2008-05-20] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-10-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-10-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-10-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-10-22] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-17] (AVG Technologies)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [44624 2013-07-26] (Paragon Software Group)
R3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [169168 2013-07-26] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [14544 2013-07-26] (Paragon Software Group)
R3 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
R3 M3000Srv; C:\Windows\System32\Drivers\M3000KNT.sys [254976 2008-05-05] ()
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [33488 2013-07-26] (Paragon Software Group)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-09 18:21 - 2013-12-09 18:21 - 01060641 _____ (Farbar) C:\Documents and Settings\Dorinne\Desktop\FRST.exe
2013-11-24 19:20 - 2013-11-24 19:20 - 00017707 _____ C:\Documents and Settings\Dorinne\Desktop\attach.txt
2013-11-24 19:20 - 2013-11-24 19:20 - 00011694 _____ C:\Documents and Settings\Dorinne\Desktop\dds.txt
2013-11-18 19:11 - 2013-11-18 19:11 - 00009415 _____ C:\WINDOWS\KB2900986.log
2013-11-18 19:11 - 2013-11-18 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-18 19:11 - 2013-11-18 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-18 19:11 - 2013-11-18 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-18 19:11 - 2013-11-18 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-18 19:10 - 2013-11-18 19:11 - 00006789 _____ C:\WINDOWS\setupapi.log
2013-11-18 19:09 - 2013-11-18 19:10 - 00011713 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-18 19:07 - 2013-11-18 19:07 - 00009137 _____ C:\Documents and Settings\Dorinne\Desktop\System has recovered from a serious error troubleshoot.txt
2013-11-17 20:22 - 2013-11-18 19:11 - 00015582 _____ C:\WINDOWS\KB2868626.log
2013-11-17 20:22 - 2013-11-18 19:11 - 00014565 _____ C:\WINDOWS\KB2862152.log
2013-11-17 20:21 - 2013-11-18 19:11 - 00014057 _____ C:\WINDOWS\KB2876331.log
2013-11-17 19:57 - 2013-12-05 21:37 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-17 19:56 - 2013-11-17 19:56 - 00000000 ____D C:\WINDOWS\system32\cache

==================== One Month Modified Files and Folders =======

2013-12-09 18:25 - 2013-10-22 21:29 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-09 18:25 - 2013-10-22 21:29 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-09 18:25 - 2013-10-19 19:15 - 00014299 _____ C:\Documents and Settings\Dorinne\Desktop\FRST.txt
2013-12-09 18:21 - 2013-12-09 18:21 - 01060641 _____ (Farbar) C:\Documents and Settings\Dorinne\Desktop\FRST.exe
2013-12-09 18:20 - 2013-08-26 19:13 - 00000000 ____D C:\FRST
2013-12-09 18:17 - 2008-08-15 15:37 - 01879338 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-09 18:17 - 2008-08-15 15:37 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-05 22:36 - 2013-03-31 16:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-05 21:40 - 2008-08-15 14:59 - 00004584 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-05 21:37 - 2013-11-17 19:57 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-05 21:36 - 2008-08-15 15:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-05 21:36 - 2008-08-15 05:33 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-12-05 21:36 - 2008-08-15 05:33 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-12-05 21:33 - 2008-12-28 03:50 - 00000178 ___SH C:\Documents and Settings\Dorinne\ntuser.ini
2013-12-05 21:33 - 2008-12-28 03:50 - 00000000 ____D C:\Documents and Settings\Dorinne
2013-12-05 19:42 - 2013-10-22 21:30 - 00001817 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-05 19:01 - 2008-08-15 15:37 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-29 20:21 - 2009-01-02 10:14 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\Skype
2013-11-29 19:50 - 2009-01-02 10:13 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-11-24 19:20 - 2013-11-24 19:20 - 00017707 _____ C:\Documents and Settings\Dorinne\Desktop\attach.txt
2013-11-24 19:20 - 2013-11-24 19:20 - 00011694 _____ C:\Documents and Settings\Dorinne\Desktop\dds.txt
2013-11-18 23:04 - 2008-12-27 15:24 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\Adobe
2013-11-18 23:03 - 2013-03-31 16:20 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-18 23:03 - 2011-08-06 12:48 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-18 19:11 - 2013-11-18 19:11 - 00009415 _____ C:\WINDOWS\KB2900986.log
2013-11-18 19:11 - 2013-11-18 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-18 19:11 - 2013-11-18 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-18 19:11 - 2013-11-18 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-18 19:11 - 2013-11-18 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-18 19:11 - 2013-11-18 19:10 - 00006789 _____ C:\WINDOWS\setupapi.log
2013-11-18 19:11 - 2013-11-17 20:22 - 00015582 _____ C:\WINDOWS\KB2868626.log
2013-11-18 19:11 - 2013-11-17 20:22 - 00014565 _____ C:\WINDOWS\KB2862152.log
2013-11-18 19:11 - 2013-11-17 20:21 - 00014057 _____ C:\WINDOWS\KB2876331.log
2013-11-18 19:11 - 2008-08-15 15:19 - 00742021 _____ C:\WINDOWS\tsoc.log
2013-11-18 19:11 - 2008-08-15 15:19 - 00306429 _____ C:\WINDOWS\iis6.log
2013-11-18 19:11 - 2008-08-15 12:53 - 01941856 _____ C:\WINDOWS\FaxSetup.log
2013-11-18 19:11 - 2008-08-15 12:53 - 00931085 _____ C:\WINDOWS\ocgen.log
2013-11-18 19:11 - 2008-08-15 12:53 - 00653602 _____ C:\WINDOWS\comsetup.log
2013-11-18 19:11 - 2008-08-15 12:53 - 00395055 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-18 19:11 - 2008-08-15 12:53 - 00206806 _____ C:\WINDOWS\updspapi.log
2013-11-18 19:11 - 2008-08-15 12:53 - 00106905 _____ C:\WINDOWS\ocmsn.log
2013-11-18 19:11 - 2008-08-15 12:53 - 00096661 _____ C:\WINDOWS\msgsocm.log
2013-11-18 19:11 - 2008-08-15 12:53 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-18 19:11 - 2008-08-15 12:53 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-18 19:10 - 2013-11-18 19:09 - 00011713 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-18 19:10 - 2009-11-02 09:36 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-18 19:08 - 2013-08-06 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-18 19:07 - 2013-11-18 19:07 - 00009137 _____ C:\Documents and Settings\Dorinne\Desktop\System has recovered from a serious error troubleshoot.txt
2013-11-18 19:03 - 2009-01-02 14:31 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-17 19:56 - 2013-11-17 19:56 - 00000000 ____D C:\WINDOWS\system32\cache
2013-11-17 19:55 - 2013-08-26 17:38 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-11-17 19:55 - 2013-08-26 17:37 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-11-10 20:01 - 2010-09-19 07:47 - 00001854 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
2013-11-10 20:01 - 2009-09-16 11:29 - 00001854 _____ C:\Documents and Settings\All Users\Desktop\Safari.lnk
2013-11-10 20:01 - 2009-09-16 11:28 - 00000000 ____D C:\Program Files\Safari
2013-11-10 19:54 - 2008-08-15 13:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-11-09 14:36 - 2010-11-07 20:08 - 00006144 _____ C:\Documents and Settings\Dorinne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\Dorinne\Local Settings\temp\install_reader11_en_chrd_awa_aih[1].exe
C:\Documents and Settings\Dorinne\Local Settings\temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2013
Ran by Dorinne at 2013-12-09 18:26:22
Running from C:\Documents and Settings\Dorinne\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Acer Crystal Eye webcam
Acer Crystal Eye Webcam 1.0.1.3 (Version: 1.0.1.3)
Acer ScreenSaver (Version: 1.11.0613)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program (Version: 7.6.0.224)
avast! Free Antivirus (Version: 9.0.2006)
AVG SafeGuard toolbar (Version: 17.1.2.1)
Bonjour (Version: 3.0.0.10)
Flash Player Pro V5.4
Google Chrome (Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.22.3)
Hoyle Board Games 3
Inbox Toolbar (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1255)
iTunes (Version: 11.1.2.32)
JMicron JMB38X Flash Media Controller (Version: 1.00.16.01)
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Carioca Rummy (Version: 1.0.047)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliType Pro 5.2 (Version: 5.20.413.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Works (Version: 08.05.0818)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Open It! (Version: 1.1.1)
Paragon HFS+ for Windows™ 9.1 (Version: 1.00)
QuickTime (Version: 7.70.80.34)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
Safari (Version: 5.34.57.2)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.187)
Synaptics Pointing Device Driver (Version: 11.1.4.0)
SySaver (HKCU Version: 2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Zip Opener
VCRedistSetup (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WiseFixer 3.2 (Version: 3.2)
Zip Opener Packages

==================== Restore Points  =========================

18-10-2013 01:23:04 System Checkpoint
19-10-2013 18:46:05 System Checkpoint
22-10-2013 00:50:05 System Checkpoint
23-10-2013 02:28:09 avast! antivirus system restore point
24-10-2013 03:46:43 System Checkpoint
26-10-2013 21:41:43 System Checkpoint
28-10-2013 00:45:41 System Checkpoint
30-10-2013 23:18:53 System Checkpoint
31-10-2013 03:45:37 Installed iTunes
07-11-2013 03:51:48 System Checkpoint
09-11-2013 01:39:23 System Checkpoint
11-11-2013 01:00:12 Installed Safari
11-11-2013 01:01:21 Removed Safari
18-11-2013 02:53:03 System Checkpoint
19-11-2013 00:02:50 Software Distribution Service 3.0
23-11-2013 04:24:59 System Checkpoint
06-12-2013 01:58:57 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 22:00 - 2013-10-20 21:40 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-05 19:04 - 2013-12-05 06:11 - 02150912 _____ () C:\Program Files\AVAST Software\Avast\defs\13120500\algo.dll
2013-12-09 18:19 - 2013-12-09 17:06 - 02152448 _____ () C:\Program Files\AVAST Software\Avast\defs\13120902\algo.dll
2008-12-28 04:01 - 2007-04-06 01:56 - 00356352 _____ () C:\Acer\Empowering Technology\eRecovery\it41.dll
2008-12-28 04:01 - 2006-01-12 09:33 - 00212992 _____ () C:\Acer\Empowering Technology\eRecovery\imagefile.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 19:55 - 2013-11-17 19:55 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
2013-11-17 19:56 - 2013-11-17 19:55 - 00142360 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
2013-10-22 21:28 - 2013-10-22 21:28 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2013 11:08:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8140

Error: (12/05/2013 11:08:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8140

Error: (12/05/2013 11:08:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2013 11:08:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6062

Error: (12/05/2013 11:08:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6062

Error: (12/05/2013 11:08:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2013 11:08:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4000

Error: (12/05/2013 11:08:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4000

Error: (12/05/2013 11:08:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2013 11:08:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2047

System errors:
=============
Error: (12/09/2013 06:17:41 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.104 on the
Network Card with network address 00226984C619.

Error: (11/24/2013 07:08:47 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.104 on the
Network Card with network address 00226984C619.

Error: (11/18/2013 11:00:01 PM) (Source: System Error) (User: )
Description: Error code 00000077, parameter1 00000001, parameter2 74c0850c, parameter3 00000000, parameter4 a97c4cbc.

Error: (11/17/2013 07:54:51 PM) (Source: System Error) (User: )
Description: Error code 00000024, parameter1 001902fe, parameter2 f7cda948, parameter3 f7cda644, parameter4 f765cae8.

Error: (11/09/2013 11:09:03 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_015B1025&REV_00\4&2f707902&0&04E3) disappeared from the system without first being prepared for removal.

Error: (11/09/2013 11:09:03 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_015B1025&REV_00\4&2f707902&0&03E3) disappeared from the system without first being prepared for removal.

Error: (11/09/2013 11:09:03 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_015B1025&REV_00\4&2f707902&0&02E3) disappeared from the system without first being prepared for removal.

Error: (11/09/2013 11:09:03 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_015B1025&REV_00\4&2f707902&0&00E3) disappeared from the system without first being prepared for removal.

Error: (11/09/2013 11:04:22 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (11/08/2013 07:56:00 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_015B1025&REV_00\4&2f707902&0&04E3) disappeared from the system without first being prepared for removal.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 1011.88 MB
Available physical RAM: 475.84 MB
Total Pagefile: 2427.39 MB
Available Pagefile: 1944.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.76 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:106.91 GB) (Free:0.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Seagate Backup Plus Drive) (Fixed) (Total:931.19 GB) (Free:856.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 11A8BA38)
Partition 1: (Not Active) - (Size=5 GB) - (Type=12)
Partition 2: (Active) - (Size=107 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: BDA16AD8)

Partition: GPT Partition Type
==================== End Of Log ============================



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:47 PM

Posted 09 December 2013 - 07:10 PM

I don't see anything of concern there. How is your computer running?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 willlig

willlig
  • Topic Starter

  • Members
  • 401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:47 PM

Posted 09 December 2013 - 10:34 PM

Maybe a bit slow. Today it took about 20 seconds for my web based email program yo open from Google.       


Edited by willlig, 09 December 2013 - 10:36 PM.


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:47 PM

Posted 09 December 2013 - 11:38 PM

OK, please run this.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • OTL logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 willlig

willlig
  • Topic Starter

  • Members
  • 401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:47 PM

Posted 10 December 2013 - 10:21 PM

OTL logfile created on: 12/10/2013 10:01:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dorinne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1011.88 Mb Total Physical Memory | 355.04 Mb Available Physical Memory | 35.09% Memory free
2.37 Gb Paging File | 1.77 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.91 Gb Total Space | 0.47 Gb Free Space | 0.44% Space Free | Partition Type: NTFS
Drive D: | 931.19 Gb Total Space | 856.46 Gb Free Space | 91.97% Space Free | Partition Type: NTFS
 
Computer Name: DWCACER | User Name: Dorinne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/10 22:00:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorinne\Desktop\OTL.exe
PRC - [2013/12/10 21:53:44 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/12/10 21:53:38 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
PRC - [2013/12/10 21:53:33 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/11/01 19:33:55 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Dorinne\Local Settings\temp\RtkBtMnt.exe
PRC - [2013/10/22 21:31:50 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2013/10/22 21:28:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/08/31 11:57:09 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
PRC - [2013/07/26 00:31:44 | 000,064,720 | ---- | M] () -- C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
PRC - [2008/05/22 15:30:16 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008/05/13 22:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/10 21:53:49 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
MOD - [2013/12/10 21:53:44 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/12/10 21:53:33 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
MOD - [2013/12/10 16:40:19 | 002,152,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13121001\algo.dll
MOD - [2013/12/09 17:06:41 | 002,152,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13120902\algo.dll
MOD - [2013/10/22 21:28:46 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/07/26 00:31:44 | 000,064,720 | ---- | M] () -- C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 22:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 22:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/04/06 01:56:30 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006/01/12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/10 21:53:38 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/11/18 23:03:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/22 21:28:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/31 11:57:09 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/07/26 00:31:44 | 000,064,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe -- (apmwinsrv)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/01/04 21:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/11/17 19:55:32 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/11/08 19:52:07 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2013/10/22 21:28:47 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/10/22 21:28:47 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/10/22 21:28:47 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/10/22 21:28:47 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/10/22 21:28:47 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/10/22 21:28:47 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/10/22 21:28:47 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/07/26 00:31:44 | 000,169,168 | ---- | M] (Paragon Software Group) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hfsplus.sys -- (Hfsplus)
DRV - [2013/07/26 00:31:44 | 000,044,624 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gpt_loader.sys -- (gpt_loader)
DRV - [2013/07/26 00:31:44 | 000,042,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\apmwin.sys -- (apmwin)
DRV - [2013/07/26 00:31:44 | 000,033,488 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mounthlp.sys -- (mounthlp)
DRV - [2013/07/26 00:31:44 | 000,014,544 | ---- | M] (Paragon Software Group) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\hfsplusrec.sys -- (HfsplusRec)
DRV - [2011/04/13 14:02:36 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2008/07/07 20:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/06/30 22:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/20 19:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/05/20 04:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/05 15:01:02 | 000,254,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={5DCB1D32-7807-484C-8AF1-323FC76DA9AF}&mid=Unknown&lang=en&ds=co011&pr=sa&d=2013-09-05 21:52:30&v=15.6.1.2&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\..\SearchScopes\{9B23781A-C58C-4C9F-BF13-3BB02BD6DA36}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38 [2013/12/10 21:56:31 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: AVG SafeGuard = C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/10/20 21:40:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\08b52326-db1e-4d1a-b8da-e1b40b3fcda0.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3694143550-3995696074-1286615016-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375839964390 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1873E8E3-60C0-460E-8A19-618EC259D48B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 12:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/07/16 17:31:30 | 000,000,032 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/10 22:00:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dorinne\Desktop\OTL.exe
[2013/12/09 23:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/12/09 23:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/12/09 23:14:03 | 001,551,008 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Dorinne\Desktop\SkypeSetup.exe
[2013/12/09 18:21:45 | 001,060,641 | ---- | C] (Farbar) -- C:\Documents and Settings\Dorinne\Desktop\FRST.exe
[2013/11/17 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/10 22:01:08 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/10 22:00:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorinne\Desktop\OTL.exe
[2013/12/10 21:56:52 | 000,784,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/10 21:56:52 | 000,228,776 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/10 21:51:26 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/10 21:50:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/10 21:50:52 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/09 23:41:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/09 23:36:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/09 23:25:13 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/09 23:16:26 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/12/09 23:14:08 | 001,551,008 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Dorinne\Desktop\SkypeSetup.exe
[2013/12/09 18:21:49 | 001,060,641 | ---- | M] (Farbar) -- C:\Documents and Settings\Dorinne\Desktop\FRST.exe
[2013/12/05 19:42:07 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/11/18 23:03:54 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/18 23:03:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/18 19:11:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/17 19:55:32 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
 
========== Files Created - No Company Name ==========
 
[2013/12/09 23:16:26 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/11/17 19:57:35 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/10/22 21:28:55 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/10/22 21:28:55 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/10/20 21:10:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/20 21:10:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/20 21:10:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/20 21:10:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/20 21:10:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/10/17 21:30:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/10/15 23:06:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dorinne\Application Data\wklnhst.dat
[2013/09/22 21:30:07 | 000,055,340 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/09/01 10:30:28 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Dorinne\Application Data\WB.CFG
[2013/09/01 10:30:28 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Dorinne\Application Data\WBPU-TTL.DAT
[2013/08/31 12:37:02 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/08/31 12:37:02 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2012/02/16 23:42:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/07 20:08:44 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Dorinne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 14:21:43 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Dorinne\.rnd
 
========== ZeroAccess Check ==========
 
[2008/08/15 12:44:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 22:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 22:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

 

 

OTL Extras logfile created on: 12/10/2013 10:01:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dorinne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1011.88 Mb Total Physical Memory | 355.04 Mb Available Physical Memory | 35.09% Memory free
2.37 Gb Paging File | 1.77 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.91 Gb Total Space | 0.47 Gb Free Space | 0.44% Space Free | Partition Type: NTFS
Drive D: | 931.19 Gb Total Space | 856.46 Gb Free Space | 91.97% Space Free | Partition Type: NTFS
 
Computer Name: DWCACER | User Name: Dorinne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3694143550-3995696074-1286615016-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Dorinne\Local Settings\temp\7zS3.tmp\SymNRT.exe" = C:\Documents and Settings\Dorinne\Local Settings\temp\7zS3.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype  -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{456534C0-51E7-11DF-B336-005056C00008}" = Paragon HFS+ for Windows™ 9.1
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = Acer Crystal Eye webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 3.2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{924CCB82-8E0A-4123-B33B-AFDDCF0AFC8F}" = Microsoft Carioca Rummy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8EBB0DE-5655-4D32-99E1-9447E702A89F}" = iTunes
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F7952CA2-A925-4CA1-A934-A46E8EC9CA18}" = Acer Crystal Eye Webcam 1.0.1.3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avast" = avast! Free Antivirus
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Flash Player Pro_is1" = Flash Player Pro V5.4
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hoyle Board Games 3" = Hoyle Board Games 3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenIt Open It!" = Open It!
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3694143550-3995696074-1286615016-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for Zip Opener
"SySaver" = SySaver
"Zip Opener Packages" = Zip Opener Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/9/2013 8:28:31 PM | Computer Name = DWCACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4485
 
Error - 12/9/2013 8:28:31 PM | Computer Name = DWCACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4485
 
Error - 12/9/2013 8:28:33 PM | Computer Name = DWCACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/9/2013 8:28:33 PM | Computer Name = DWCACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6532
 
Error - 12/9/2013 8:28:33 PM | Computer Name = DWCACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6532
 
Error - 12/9/2013 8:28:35 PM | Computer Name = DWCACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/9/2013 8:28:35 PM | Computer Name = DWCACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8563
 
Error - 12/9/2013 8:28:35 PM | Computer Name = DWCACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8563
 
Error - 12/10/2013 10:56:47 PM | Computer Name = DWCACER | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when  process Performance extension counter provider. BaseIndex value from Performance
registry
 is the first DWORD in Data section, LastCounter value is the second  DWORD in Data
 section, and LastHelp value is the third DWORD in Data section.
 
Error - 12/10/2013 10:56:47 PM | Computer Name = DWCACER | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The  Error code is the first DWORD in Data section.
 
[ System Events ]
Error - 11/8/2013 8:56:00 PM | Computer Name = DWCACER | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_015B1025&REV_00\4&2f707902&0&04E3)
 disappeared from the system without first being prepared for removal.
 
Error - 11/9/2013 12:04:22 PM | Computer Name = DWCACER | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
 while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring
 the volume.
 
Error - 11/9/2013 12:09:03 PM | Computer Name = DWCACER | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_015B1025&REV_00\4&2f707902&0&00E3)
 disappeared from the system without first being prepared for removal.
 
Error - 11/9/2013 12:09:03 PM | Computer Name = DWCACER | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_015B1025&REV_00\4&2f707902&0&02E3)
 disappeared from the system without first being prepared for removal.
 
Error - 11/9/2013 12:09:03 PM | Computer Name = DWCACER | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_015B1025&REV_00\4&2f707902&0&03E3)
 disappeared from the system without first being prepared for removal.
 
Error - 11/9/2013 12:09:03 PM | Computer Name = DWCACER | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_015B1025&REV_00\4&2f707902&0&04E3)
 disappeared from the system without first being prepared for removal.
 
Error - 11/17/2013 8:54:51 PM | Computer Name = DWCACER | Source = System Error | ID = 1003
Description = Error code 00000024, parameter1 001902fe, parameter2 f7cda948, parameter3
 f7cda644, parameter4 f765cae8.
 
Error - 11/19/2013 12:00:01 AM | Computer Name = DWCACER | Source = System Error | ID = 1003
Description = Error code 00000077, parameter1 00000001, parameter2 74c0850c, parameter3
 00000000, parameter4 a97c4cbc.
 
Error - 11/24/2013 8:08:47 PM | Computer Name = DWCACER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.104 on
 the  Network Card with network address 00226984C619.
 
Error - 12/9/2013 7:17:41 PM | Computer Name = DWCACER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.104 on
 the  Network Card with network address 00226984C619.
 
 
< End of report >
 



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:47 PM

Posted 10 December 2013 - 10:51 PM

Hi Will,

Everything looks fine. To be honest I am surprised your computer runs at all. This is far too little available hard drive space for an operating system to run effectively. 
 

Drive C: | 106.91 Gb Total Space | 0.47 Gb Free Space | 0.44% Space Free | Partition Type: NTFS

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users