[monkeyboyblues]

Have a Dell Lattitude D620

Running XP.

 

Thank you for your help.

[Advertisements]

Hi monkeyboyblues,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

• Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
• All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
• Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
• Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
• If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
• While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
• Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
• Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

- Save ALL Tools to your Desktop-

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.

Let's get started....
 

 

Not much to go on so far.  Can you read through the steps here ( http://www.geekstogo...cleaning-guide/) and provide the FRST.txt and Addition.txt logs please?

[dbreeze]

Hi monkeyboyblues,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

• Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
• All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
• Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
• Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
• If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
• While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
• Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
• Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

- Save ALL Tools to your Desktop-

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.

Let's get started....
 

 

Not much to go on so far.  Can you read through the steps here ( http://www.geekstogo...cleaning-guide/) and provide the FRST.txt and Addition.txt logs please?

[monkeyboyblues]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2016
Ran by Administrator (administrator) on LATITUDED620 (07-07-2016 13:25:10)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
(FUJIFILM Corporation) C:\Program Files\FinePixViewer\QuickDCF2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-11] (AVAST Software)
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-515967899-1604221776-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-01-28] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk [2011-09-29]
ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-10-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.2.2.2
Tcpip\..\Interfaces\{3D27322F-F708-4BD9-BFB0-B4DBBD8B4353}: [DhcpNameServer] 192.168.1.1 192.168.0.1
Tcpip\..\Interfaces\{9C365071-9F7B-41CF-AA92-AF6A97F3D08C}: [DhcpNameServer] 8.8.8.8 4.2.2.2

Internet Explorer:
==================
HKU\S-1-5-21-515967899-1604221776-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-28] (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-28] (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: hxxps://ixquick.com/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_207.dll [2016-07-05] ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-07] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\startpage-https.xml [2014-01-19]
FF Extension: Video DownloadHelper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-07-05]
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-07-06] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-07-06] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-28] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-10-20] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-28]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-28]
CHR Extension: (Store) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR Extension: (Store) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-28]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-28] (AVAST Software)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) [File not signed]
S2 XAudioService; C:\WINDOWS\system32\DRIVERS\xaudio.exe [386560 2006-08-04] (Conexant Systems, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-28] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-28] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-28] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-19] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys [986624 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys [206848 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Conexant) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 PCX500; C:\WINDOWS\System32\DRIVERS\pcx500.sys [169984 2008-04-13] (Cisco Systems)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [659968 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R2 XAudio; C:\WINDOWS\System32\DRIVERS\xaudio.sys [8192 2006-08-04] (Conexant Systems, Inc.) [File not signed]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 13:25 - 2016-07-07 13:26 - 00027384 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-07-07 13:25 - 2016-07-07 13:25 - 00000000 ____D C:\FRST
2016-07-07 13:24 - 2016-07-07 13:24 - 01740288 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-07-06 10:00 - 2016-07-06 13:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-06 09:39 - 2016-07-06 19:16 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-06 09:38 - 2016-07-06 09:38 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-06 09:37 - 2016-07-06 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-06 09:37 - 2016-07-06 09:37 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-06 09:37 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-04 10:38 - 2016-07-04 10:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iolo
2016-07-04 10:38 - 2016-07-04 10:45 - 00065536 _____ C:\WINDOWS\system32\config\iolo App.evt
2016-07-04 10:38 - 2016-07-04 10:38 - 00074703 _____ C:\WINDOWS\system32\mfc45.dat
2016-07-04 10:38 - 2016-07-04 10:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\iolo
2016-06-28 20:30 - 2016-06-28 20:30 - 01785094 _____ C:\Documents and Settings\Administrator\Desktop\IMSLP26217-PMLP01595-Beethoven_-_Symphony_No6_in_F_Major_Op68_Pastoral__cello-part_a.pdf
2016-06-28 16:38 - 2016-06-28 16:38 - 00001049 _____ C:\Documents and Settings\Administrator\Desktop\Audio1.nra
2016-06-26 16:40 - 2016-06-26 16:40 - 00400896 _____ C:\Documents and Settings\Administrator\Desktop\CD Cover.zdp
2016-06-22 09:20 - 2016-06-22 09:22 - 16821402 _____ C:\Documents and Settings\Administrator\Desktop\Allison & Guilty.zip
2016-06-18 23:05 - 2016-06-18 23:05 - 02125004 _____ C:\Documents and Settings\Administrator\Desktop\Bach Chorale #65.mp4
2016-06-17 12:26 - 2016-06-18 11:29 - 00050062 _____ C:\Documents and Settings\Administrator\Desktop\Rhythmic Exercise in 3 parts.mus
2016-06-17 09:34 - 2016-06-16 23:19 - 00049278 _____ C:\Documents and Settings\Administrator\Desktop\Sight Singing Intonation Exercise #59.mus
2016-06-16 12:26 - 2016-06-16 12:26 - 11042860 _____ C:\Documents and Settings\Administrator\Desktop\Bach Chorale #65.wav
2016-06-16 10:16 - 2016-06-16 11:46 - 00049190 _____ C:\Documents and Settings\Administrator\Desktop\3rd species counterpoint.mus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 13:26 - 2011-04-15 15:06 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-07-07 13:25 - 2014-01-19 13:46 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-07-07 13:20 - 2014-04-20 17:45 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-07 13:20 - 2011-04-15 15:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-07 13:17 - 2011-04-15 15:06 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-07-07 13:14 - 2014-04-20 17:45 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-07 12:55 - 2011-04-15 15:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-07-07 12:41 - 2013-09-07 01:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-07 11:57 - 2012-08-30 18:32 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-07-06 20:12 - 2011-04-15 15:06 - 00032480 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-06 19:15 - 2012-05-23 10:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-06 10:55 - 2013-10-20 18:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
2016-07-06 09:38 - 2012-06-30 16:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2016-07-06 09:37 - 2012-06-30 16:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-07-06 09:37 - 2012-06-30 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-07-06 09:37 - 2012-06-30 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-07-05 15:52 - 2012-05-16 19:13 - 00000000 ____D C:\Documents and Settings\Administrator\dwhelper
2016-07-05 09:44 - 2012-07-10 15:25 - 00800448 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-05 09:44 - 2011-11-18 11:32 - 00143040 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-05 09:44 - 2011-04-15 14:59 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-04 21:52 - 2011-10-05 18:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2016-07-04 14:36 - 2011-11-17 00:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-07-04 14:34 - 2014-01-28 17:13 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-07-04 13:59 - 2011-11-14 22:23 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-04 13:59 - 2011-04-15 16:14 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-07-04 10:44 - 2011-04-15 15:26 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2016-07-04 10:44 - 2011-04-15 09:41 - 00000000 ____D C:\WINDOWS\Help
2016-07-03 10:15 - 2015-08-15 14:21 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Solutions for Creditors
2016-07-01 10:16 - 2011-04-15 09:50 - 00578438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-01 10:09 - 2008-04-14 08:00 - 00001374 _____ C:\WINDOWS\system32\wpa.dbl
2016-06-26 18:20 - 2012-06-30 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Audacity
2016-06-22 09:23 - 2011-04-15 15:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Music
2016-06-18 23:05 - 2012-05-18 18:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ConverterLite

==================== Files in the root of some directories =======

2012-05-16 19:21 - 2014-04-01 17:11 - 0019968 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-13 21:12 - 2012-08-13 21:12 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-07-10 23:15 - 2013-11-16 15:15 - 0019472 __RSH () C:\Documents and Settings\All Users\Application Data\3002.abs
2013-07-10 23:15 - 2014-03-18 17:12 - 0000100 __RSH () C:\Documents and Settings\All Users\Application Data\3002.xml
2011-10-04 11:17 - 2012-08-13 21:22 - 0002399 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2016
Ran by Administrator (2016-07-07 13:28:10)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-04-15 19:02:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515967899-1604221776-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515967899-1604221776-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-515967899-1604221776-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-515967899-1604221776-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-515967899-1604221776-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5600 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.61 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
Avery DesignPro (HKLM\...\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}) (Version:  - )
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.22.11 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
ConverterLite 1.4.0 (HKLM\...\ConverterLite) (Version: 1.4.0 - ConverterLite)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.47 - Dell Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EZdrummer (HKLM\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.0 - Toontrack)
EZXCocktail (HKLM\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.2.4 - Toontrack)
Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FinePix Studio (HKLM\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version:  - )
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.4 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.4 - FUJIFILM Corporation)
FinePrint (HKLM\...\FinePrint) (Version: 7.04 - FinePrint Software, LLC)
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HP Document Viewer 5.3 (HKLM\...\HP Document Viewer) (Version: 5.3 - HP)
HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
I-Doser Free (HKLM\...\I-Doser) (Version: 5.0 - I-Doser.com)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Midisport 1x1 1.0.1.0 (HKLM\...\MidiSport1x1) (Version:  - )
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
NetAssistant (Version: 3.6.5 - Freeze.com) Hidden
NetAssistant for Firefox (HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\NetAssistant 3.6.5) (Version: 3.6.5 - Freeze.com)
NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OZ776 SCR Driver V1.1.4.202 (HKLM\...\InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}) (Version: 1.1.4.202 - O2Micro)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202 - O2Micro) Hidden
PanoStandAlone (Version: 53.0.13.000 - Hewlett-Packard) Hidden
ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
saveansHare (HKLM\...\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}) (Version: 2.3.0.1859 - savensHaore) <==== ATTENTION
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toontrack solo (HKLM\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.1 - Toontrack)
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
ZSMC USB PC Camera (ZS211) (HKLM\...\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}) (Version: 2007.07.05 - ZSMC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-04-15 16:18 - 2010-10-29 10:14 - 00025088 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2011-04-15 16:18 - 2010-10-29 10:14 - 00761856 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-07-03 16:00 - 2014-07-03 15:03 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070301\algo.dll
2011-04-15 16:18 - 2010-10-29 10:14 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll
2014-01-19 13:42 - 2014-01-19 13:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-09-29 15:12 - 2007-02-16 20:01 - 00081920 _____ () C:\Program Files\FinePixViewer\wia_register_event.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 [127]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:80337C03 [124]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [109]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 08:00 - 2014-01-19 12:27 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515967899-1604221776-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8 - 4.2.2.2
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dmwu.exe] => Enabled:dmwu
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Restore Points =========================

11-04-2016 14:39:23 System Checkpoint
22-04-2016 19:05:33 System Checkpoint
23-04-2016 19:30:00 System Checkpoint
26-04-2016 13:51:22 System Checkpoint
27-04-2016 19:15:05 System Checkpoint
29-04-2016 21:13:56 System Checkpoint
11-05-2016 13:18:03 System Checkpoint
20-05-2016 10:11:20 System Checkpoint
26-05-2016 12:11:47 System Checkpoint
28-05-2016 19:42:45 System Checkpoint
31-05-2016 11:37:39 System Checkpoint
04-06-2016 14:07:04 System Checkpoint
06-06-2016 16:31:12 System Checkpoint
08-06-2016 19:54:37 System Checkpoint
15-06-2016 09:57:58 System Checkpoint
16-06-2016 11:16:47 System Checkpoint
17-06-2016 11:42:27 System Checkpoint
26-06-2016 15:16:39 System Checkpoint
28-06-2016 10:22:15 System Checkpoint
29-06-2016 21:56:28 System Checkpoint
02-07-2016 21:44:04 System Checkpoint
03-07-2016 21:57:17 System Checkpoint
06-07-2016 19:54:51 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2016 01:53:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/06/2016 01:52:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/04/2016 01:56:34 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2016 01:56:34 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2016 01:54:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5294, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/04/2016 01:44:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5294, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/04/2016 11:18:14 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2016 11:18:14 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2016 10:02:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/16/2016 09:23:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Finale NotePad.exe, version 2012.0.4.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/07/2016 09:16:18 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll.
Reference error message: The operation completed successfully.
.

Error: (07/07/2016 09:16:18 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/07/2016 09:16:18 AM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/07/2016 09:08:44 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 172.16.0.22 for the Network Card with network address 0016CF6B0602 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/07/2016 09:08:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XAudioService service failed to start due to the following error:
%%193

Error: (07/06/2016 09:35:14 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll.
Reference error message: The operation completed successfully.
.

Error: (07/06/2016 09:35:14 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/06/2016 09:35:14 AM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/06/2016 09:30:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XAudioService service failed to start due to the following error:
%%193

Error: (07/05/2016 01:39:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XAudioService service failed to start due to the following error:
%%193


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of memory in use: 65%
Total physical RAM: 1014.11 MB
Available physical RAM: 352.02 MB
Total Virtual: 2963.14 MB
Available Virtual: 2397.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:42.71 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: BFFFBFFF)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[dbreeze]

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

saveansHare
NetAssistant for Firefox

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.  

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Session Restore: -> is enabled.
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\startpage-https.xml [2014-01-19]
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\startpage-https.xml
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-10-20] <==== ATTENTION
CHR Extension: (Store) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR Extension: (Store) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
S4 IntelIde; no ImagePath
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.3-win32.exe
NetAssistant (Version: 3.6.5 - Freeze.com) Hidden
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 [127]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:80337C03 [124]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [109]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
 

 

[monkeyboyblues]

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2016
Ran by Administrator (2016-07-09 12:24:11) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Session Restore: -> is enabled.
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\startpage-https.xml [2014-01-19]
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\startpage-https.xml
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-10-20] <==== ATTENTION
CHR Extension: (Store) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR Extension: (Store) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
S4 IntelIde; no ImagePath
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.3-win32.exe
NetAssistant (Version: 3.6.5 - Freeze.com) Hidden
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 [127]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:80337C03 [124]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [109]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
Firefox DefaultSearchEngine removed successfully.
Firefox SelectedSearchEngine removed successfully.
FF Session Restore: -> removed successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\startpage-https.xml => moved successfully
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\startpage-https.xml" => not found.
C:\Program Files\mozilla firefox\firefox.cfg => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
IntelIde => service removed successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.3-win32.exe => moved successfully
C:\Documents and Settings\All Users\Application Data\TEMP => ":430C6D84" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\TEMP => ":80337C03" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\TEMP => ":DFC5A2B2" ADS removed successfully..

=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========  netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

The following command was not found: advfirewall set allprofiles state on.

========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 13552 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 139841 B
Java, Flash, Steam htmlcache => 1237 B
Windows/system/dllcache/drivers => 10745482 B
Edge => 0 B
Chrome => 7369236 B
Firefox => 377848344 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default User => 32994 B
All Users => 0 B
systemprofile => 32994 B
LocalService => 977 B
NetworkService => 76364 B
Administrator => 2926310440 B

RecycleBin => 615158998 B
EmptyTemp: => 3.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:33:40 ====

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Administrator) on Sat 07/09/2016 at 12:41:33.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\user.js (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A4JHW1EB (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NBCU8S57 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NMSPKGKF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UDBDMCSK (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A4JHW1EB (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NBCU8S57 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NMSPKGKF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UDBDMCSK (Temporary Internet Files Folder)

Deleted the following from C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\prefs.js
user_pref(CT2704262.RSSapp2704262a129531303481232105000000cat3, %5B%7B%22type%22%3A%22rss%22%2C%22version%22%3A%222.0%22%2C%22title%22%3A%22TechCrunch%22%2C%22link%22%3A%22
user_pref(browser.startup.homepage, hxxps://ixquick.com/);
user_pref(valueApps.storage.mam_gk_userId, 30626635623362332D666438662D346261352D613931352D636661653566316335373339);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/09/2016 at 12:48:06.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[dbreeze]

FIRST >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:


Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this


On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt


Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


SECOND >>>>

Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware from either the desktop shortcut or the START menu shortcut.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link


Once the program has loaded and updated, select "Scan Now >>" to start the scan.


The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.


If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.
 
 
 
How is your system running now?
 
Did you ever have CryptoPrevent installed on this system?

[monkeyboyblues]

Nothing found on Adware Cleaner of Malware Bytes.

Internet is running pretty good now thanks.

 

The only issue is the long lag when bringing up the Shut Down Menu.

And the long lag when shutting down the computer.

[dbreeze]

Let's take a look at some things that could be affecting that system lag:

 

FIRST >>>>

Please download Farbar Service Scanner to your desktop and double click on the file to run it.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

 

 

 

SECOND >>>>

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

• Flush DNS
• Report IE Proxy Settings
• Report FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices [ Only Problems / No Driver / All ]
• List Users, Partitions and Memory size.
• List Minidump Files
• List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


 

 

[monkeyboyblues]

Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 14-07-2016 at 11:19:15
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Administrator (administrator) on 14-07-2016 at 11:21:11
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: Latitude D620 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Dell Wireless 1490 Dual Band WLAN Mini-Card = Wireless Network Connection 4 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : latituded620

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

        Physical Address. . . . . . . . . : 00-15-C5-53-31-2A



Ethernet adapter Wireless Network Connection 4:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Card

        Physical Address. . . . . . . . . : 00-16-CF-6B-06-02

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.153

        Subnet Mask . . . . . . . . . . . : 255.255.252.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 8.8.8.8

                                            4.2.2.2

        Lease Obtained. . . . . . . . . . : Thursday, July 14, 2016 11:03:12 AM

        Lease Expires . . . . . . . . . . : Thursday, July 14, 2016 12:03:12 PM

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Address:  172.217.4.78



Pinging google.com [172.217.4.78] with 32 bytes of data:



Reply from 172.217.4.78: bytes=32 time=12ms TTL=55

Reply from 172.217.4.78: bytes=32 time=12ms TTL=55



Ping statistics for 172.217.4.78:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 12ms, Maximum = 12ms, Average = 12ms

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=23ms TTL=48

Reply from 98.139.183.24: bytes=32 time=22ms TTL=48



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 22ms, Maximum = 23ms, Average = 22ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 53 31 2a ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 16 cf 6b 06 02 ...... Dell Wireless 1490 Dual Band WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.153      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.252.0    192.168.1.153   192.168.1.153      25
    192.168.1.153  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.1.255  255.255.255.255    192.168.1.153   192.168.1.153      25
        224.0.0.0        240.0.0.0    192.168.1.153   192.168.1.153      25
  255.255.255.255  255.255.255.255    192.168.1.153               2      1
  255.255.255.255  255.255.255.255    192.168.1.153   192.168.1.153      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/13/2016 03:28:00 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 47.0.1.6018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/11/2016 07:46:32 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/11/2016 07:40:09 PM) (Source: Application Hang) (User: )
Description: Hanging application nero.exe, version 6.6.0.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/11/2016 04:25:55 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/11/2016 04:23:28 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/11/2016 04:22:16 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2016 04:54:09 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/14/2016 09:46:45 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll.
Reference error message: The operation completed successfully.
.

Error: (07/14/2016 09:46:45 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (07/14/2016 09:46:45 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (07/14/2016 09:31:15 AM) (Source: Service Control Manager) (User: )
Description: The XAudioService service failed to start due to the following error:
%%193

Error: (07/13/2016 10:01:11 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (07/13/2016 09:58:38 PM) (Source: DCOM) (User: LATITUDED620)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (07/13/2016 09:17:41 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0016CF6B0602.  The following error
occurred:
%%1223 = The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (07/13/2016 08:31:01 PM) (Source: Service Control Manager) (User: )
Description: The XAudioService service failed to start due to the following error:
%%193

Error: (07/13/2016 03:39:05 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll.
Reference error message: The operation completed successfully.
.

Error: (07/13/2016 03:39:05 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
Reference error message: The referenced assembly is not installed on your system.
.


Microsoft Office Sessions:
=========================
Error: (07/13/2016 03:28:00 PM) (Source: Application Hang)(User: )
Description: firefox.exe47.0.1.6018hungapp0.0.0.000000000

Error: (07/11/2016 07:46:32 PM) (Source: Application Hang)(User: )
Description: mbam.exe2.3.173.0hungapp0.0.0.000000000

Error: (07/11/2016 07:40:09 PM) (Source: Application Hang)(User: )
Description: nero.exe6.6.0.13hungapp0.0.0.000000000

Error: (07/11/2016 04:25:55 PM) (Source: Application Hang)(User: )
Description: mbam.exe2.3.173.0hungapp0.0.0.000000000

Error: (07/11/2016 04:23:28 PM) (Source: Application Hang)(User: )
Description: mbam.exe2.3.173.0hungapp0.0.0.000000000

Error: (07/11/2016 04:22:16 PM) (Source: Application Hang)(User: )
Description: mbam.exe2.3.173.0hungapp0.0.0.000000000

Error: (07/10/2016 04:54:09 PM) (Source: Application Hang)(User: )
Description: mbam.exe2.3.173.0hungapp0.0.0.000000000


=========================== Installed Programs ============================

5600 (HKLM\...\{2466E904-7E48-4597-9321-722CF02930EB}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600_Help (HKLM\...\{CC7984C5-020D-4944-85A0-58D09D4A8BFB}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600Trb (HKLM\...\{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\{0A3925EA-5B0E-401B-A189-7419149747B2}) (Version: 13.0.0.61 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.61 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (HKLM\...\{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiOSoftware (HKLM\...\{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
Avery DesignPro (HKLM\...\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}) (Version:  - )
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.22.11 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
ConverterLite 1.4.0 (HKLM\...\ConverterLite) (Version: 1.4.0 - ConverterLite)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CP_Package_Variety1 (HKLM\...\{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (HKLM\...\{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (HKLM\...\{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (HKLM\...\{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (HKLM\...\{5F26311C-B135-4F7F-B11E-8E650F83651E}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (HKLM\...\{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}) (Version: 5.2.0.0 - Hewlett-Packard) Hidden
DocumentViewer (HKLM\...\{172975EB-9465-4861-95B5-C7BB6D3DE62A}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (HKLM\...\{7C03270C-4FAB-4F5C-B10D-52FEDA190790}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.47 - Dell Inc.)
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
EZdrummer (HKLM\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.0 - Toontrack)
EZXCocktail (HKLM\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.2.4 - Toontrack)
Fax (HKLM\...\{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FinePix Studio (HKLM\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version:  - )
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.4 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.4 - FUJIFILM Corporation)
FinePrint (HKLM\...\FinePrint) (Version: 7.04 - FinePrint Software, LLC)
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HP Document Viewer 5.3 (HKLM\...\HP Document Viewer) (Version: 5.3 - HP)
HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
HPProductAssistant (HKLM\...\{E3F90083-80D4-4b5a-87C7-E97E12F5516D}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
I-Doser Free (HKLM\...\I-Doser) (Version: 5.0 - I-Doser.com)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM\...\{5B622B7A-60FB-4630-B11D-F121D20BCCD6}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Midisport 1x1 1.0.1.0 (HKLM\...\MidiSport1x1) (Version:  - )
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
NewCopy (HKLM\...\{54E3707F-808E-4fd4-95C9-15D1AB077E5D}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OZ776 SCR Driver V1.1.4.202 (HKLM\...\{EDC2B89F-3F72-48EA-B63E-985BC51622E4}) (Version: 1.1.4.202 - O2Micro) Hidden
OZ776 SCR Driver V1.1.4.202 (HKLM\...\InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}) (Version: 1.1.4.202 - O2Micro)
PanoStandAlone (HKLM\...\{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
ProductContext (HKLM\...\{7C9B95B7-B598-4398-B30F-7F6827192E6C}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Readme (HKLM\...\{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}) (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Scan (HKLM\...\{C506A18C-1469-4678-B094-F4EC9DAE6DB7}) (Version: 5.2.0.0 - Hewlett-Packard) Hidden
ScannerCopy (HKLM\...\{A195B13E-A5E3-4BAF-A995-7F70F445CD06}) (Version: 5.2.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolutionCenter (HKLM\...\{EA103B64-C0E4-4C0E-A506-751590E1653D}) (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toontrack solo (HKLM\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.1 - Toontrack)
TrayApp (HKLM\...\{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Unload (HKLM\...\{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}) (Version: 5.0.0 - Hewlett-Packard) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}) (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
ZSMC USB PC Camera (ZS211) (HKLM\...\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}) (Version: 2007.07.05 - ZSMC)

========================= Devices: ================================

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_01C21028&REV_03\3&61AAA01&0&10
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_01C21028&REV_03\3&61AAA01&0&11
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 1014.11 MB
Available physical RAM: 194.92 MB
Total Virtual: 2963.14 MB
Available Virtual: 2097.43 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:45.33 GB) NTFS

========================= Users: ========================================

User accounts for \\LATITUDED620

Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini122813-01.dmp
========================= Restore Points ==================================

22-04-2016 23:05:33 System Checkpoint
23-04-2016 23:30:00 System Checkpoint
26-04-2016 17:51:22 System Checkpoint
27-04-2016 23:15:05 System Checkpoint
30-04-2016 01:13:56 System Checkpoint
11-05-2016 17:18:03 System Checkpoint
20-05-2016 14:11:20 System Checkpoint
26-05-2016 16:11:47 System Checkpoint
28-05-2016 23:42:45 System Checkpoint
31-05-2016 15:37:39 System Checkpoint
04-06-2016 18:07:04 System Checkpoint
06-06-2016 20:31:12 System Checkpoint
08-06-2016 23:54:37 System Checkpoint
15-06-2016 13:57:58 System Checkpoint
16-06-2016 15:16:47 System Checkpoint
17-06-2016 15:42:27 System Checkpoint
26-06-2016 19:16:39 System Checkpoint
28-06-2016 14:22:15 System Checkpoint
30-06-2016 01:56:28 System Checkpoint
03-07-2016 01:44:04 System Checkpoint
04-07-2016 01:57:17 System Checkpoint
06-07-2016 23:54:51 System Checkpoint
08-07-2016 13:54:31 Removed NetAssistant
09-07-2016 16:24:19 Restore Point Created by FRST
09-07-2016 16:41:41 JRT Pre-Junkware Removal
10-07-2016 23:06:49 System Checkpoint
11-07-2016 23:35:41 System Checkpoint
13-07-2016 01:16:08 System Checkpoint

**** End of log ****
 

[dbreeze]

The log says there is no video driver installed.  If you go to START > Control Panel > Device Manager, is there a yellow triangle on the video (display) adapter?  Expand the line to get to the graphic card and double click on it.  Under Driver, click on Update Driver and follow the prompts.  Once this updates the driver, reboot your system and see if that helps.

[monkeyboyblues]

XP doesn't have a device manager or anything related to video in control panel.
I did try to search for a video driver but nothing.

[dbreeze]

Dell shows three different drivers for a D620 Latitude ( http://www.dell.com/...rivers/advanced).  They may even have a working tool on the site to detect and repair device drivers.

[monkeyboyblues]

It appears I updated the driver but shut down still very slow.

[dbreeze]

Actually, for now, it would be best to removal our Malware Removal tools and let you post in the XP support section.  While competent in Malware Removal, I am no where near the expertise that our Technical staff has with Hardware / OS issues.

 

All right!!    Your logs are clean and you're good to go now!!    We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way.  I must say though, even though we met through less than ideal circumstances, it has been really great to work with you.    Thanks. 


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
 

• Download Delfix from  here or here to your desktop and double click it to start the program
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

You can delete any log files left on your desktop as these are no longer needed.

Keep Windows Updated

Please make sure you follow this and activate the Update function to get all the available updates as Microsoft has been known to release some support updates for XP.

• Click Start and then click Control Panel.
• Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
• Scroll down and click on Windows Update.
• Click on Change settings.
• Under Important Updates, click on Install updates automatically (recommended).
• Select (click on) the other options on this page.
• Select a day and time to have windows install the updates.
• Click on Ok to change the settings.

If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated.  Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this.  You can read some of the articles on this here and here.  I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

• How to disable Java in your web browser
• How to unplug Java from the browser

 

To uninstall Java (on Win XP):

• Click Start and then click Control Panel.
• If you need to, click View by: and select either Large Icons or Small Icons.
• Click on Add / Remove Programs.
• Scroll down until you find Java and click on it to select that program.
• (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
• Click Uninstall.

If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.
 

To check for the latest version of Java and installation steps:

• Go to java.com and click on Do I have Java?.
• On the next page, click on Verify Java Version.
• If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
• Follow the recommendations (if any) on the results screen.
• If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download.  Click on it to update or install Java.
• The site will start a download of jxpiinstall.exe.  Save the file to your desktop.
• When the download is finished, close your browser.
• Right click on the jxpiinstall.exe and select Run as Administrator.
• On the opening window, check Change destination folder and then click Install>.
• The program will now download the rest of the files needed to install Java.
• On the Destination Folder window, click Next>.
• On the next window, the install will present you the option of adding additional software (this is known as Foistware).
• Uncheck the Set and keep Ask as my default search provider.
• Uncheck the Install the Ask Toolbar.
• Click Next> to finish the install.
• When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

 
Adobe Reader
Adobe Reader is the second most targeted (by malware) common software.  If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable.  One that we recommend is Sumatra PDF.

 

To update Adobe Reader:

• Launch your Adobe Reader.
• Click Help and then click on About Adobe Reader from the menu list.
• If the version is 11.0.04 then you are up to date.  If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
• The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
• Click on Download in the menu bar on top of the Adobe web page.
• Click on Adobe Reader in the list on the right hand side of the page.
• On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install.  Make sure the check is NOT marked (this is another example of Foistware).
• Click the Install Now button and follow the directions on next page.
• If you are prompted to Save the installer file, choose to save it to your desktop.  Once it is saved, right click on the file and select Run as Administrator.
• When the installation is finished, you can delete the installer file on your desktop.

 
Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process.  An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).

You are now done!   


Now some information on programs to help keep you safe:

I know that you have a Malware Protection Suite from Rogers running on your system now; should you ever stop using that, here is some points to consider:

First, an Antivirus program.  You NEED one; free is just as good as paid-for as long as you keep them updated.  ONLY use one at a time as having more than that will cause system problems.  Here are some free ones to check out:
Avast! Free Antivirus
Avira Free Antivirus

Next, a firewall is a must have now-a-days.  For XP, you need a third party firewall; the built in firewall in Vista /Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)).  Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here.

Also, consider keep MalwareBytes Antimalware to your arsenal of safe keeping programs.  Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program.  Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread: How did I get infected in the first place?
 
Also, I noticed that your system was running low on available free memory (when we first started the cleaning process).  How is your system running now?  If you still find it a little slow, you might consider adding some more RAM memory to allow the processes a little more freedom of 'running'.

I'll leave this topic open for a few days so that if you have any questions you can come back here.  Surf safe, my friend!!
 

The XP support section is here.  You can link this topic in a post there by referencing this post.

 

[dbreeze]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.