Dell Computer Very Slow to Shutdown


#1
monkeyboyblues
Member

Running XP and have a Dell Latitude D620.

Lagging when trying to open shutdown menu and lagging when selected to shutdown.

#2
RKinner
Malware Expert

You might want to try UPHCLEAN:

http://www.majorgeek...up_service.html

If that doesn't help then:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.
(Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Get Process Explorer

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.
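
A triage pass over the text file that Process Explorer saves in the last step, as an added example that is not part of the original post: it lists the images whose Verified Signer column is not "(Verified)" and the processes using the most CPU. The tab-separated layout, the sample rows and the function names are assumptions of this example.

```python
import csv
import io

# Constructed sample in the assumed layout of a Process Explorer "Save As"
# text file: tab-separated, header row first, Verified Signer column enabled.
SAMPLE = (
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer\n"
    "svchost.exe\t\t3,116 K\t5,016 K\t1088\tGeneric Host Process for Win32 Services\t"
    "Microsoft Corporation\t(Verified) Microsoft Windows Component Publisher\n"
    "WLTRAY.EXE\t\t2,364 K\t7,184 K\t2668\tDW WLAN Card Wireless Network Tray Applet\t"
    "Dell Inc.\t(No signature was present in the subject) Dell Inc.\n"
    "WLTRYSVC.EXE\t\t400 K\t1,576 K\t1508\t\t\t(No signature was present in the subject)\n"
    "System\t0.77\t0 K\t252 K\t4\t\t\t\n"
    "System Idle Process\t93.08\t0 K\t28 K\t0\t\t\t\n"
    "firefox.exe\t3.08\t372,088 K\t373,004 K\t3572\tFirefox\t"
    "Mozilla Corporation\t(Verified) Mozilla Corporation\n"
)

# Entries that are not backed by an image file, so there is nothing to verify.
PSEUDO = {"System", "System Idle Process", "Interrupts"}


def parse_rows(text):
    """Return one dict per process row, keyed by the header names."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    return [{k: (v or "").strip() for k, v in row.items() if k} for row in reader]


def cpu(value):
    """Convert the CPU column ('', '3.08', '< 0.01') to a float."""
    try:
        return float(value.replace("<", "").strip())
    except ValueError:
        return 0.0


def unverified(rows):
    """List (name, pid, reasons) for images whose signature did not verify."""
    findings = []
    for row in rows:
        name = row.get("Process", "")
        if not name or name in PSEUDO:
            continue
        if row.get("Verified Signer", "").startswith("(Verified)"):
            continue
        reasons = ["image signature not verified"]
        if not row.get("Description") and not row.get("Company Name"):
            reasons.append("no description or company name in the file")
        pid = int(row["PID"]) if row.get("PID", "").isdigit() else None
        findings.append((name, pid, reasons))
    # Least-identified images first, then alphabetical.
    findings.sort(key=lambda f: (-len(f[2]), f[0].lower()))
    return findings


def busiest(rows, min_cpu=1.0):
    """Processes at or above min_cpu percent, highest first (idle excluded)."""
    hits = [(r["Process"], cpu(r.get("CPU", ""))) for r in rows
            if r.get("Process") != "System Idle Process"]
    return sorted([h for h in hits if h[1] >= min_cpu], key=lambda h: -h[1])


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    for name, pid, reasons in unverified(rows):
        print(f"{name} (PID {pid}): {'; '.join(reasons)}")
    for name, pct in busiest(rows):
        print(f"{name}: {pct:.2f}% CPU")
```

A missing signature is common for older OEM utilities, so the list is a starting point for checking file paths and origins rather than a verdict.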
 

#3
monkeyboyblues

Having a problem with the event viewer link.


#4
RKinner

Seems to work OK.  It doesn't take you to a page.  Just starts the download.


#5
monkeyboyblues

Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/08/2016 12:47:36 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2016 12:34:47 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error:  %1 is not a valid Win32 application.  

Log: 'System' Date/Time: 01/08/2016 11:15:06 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/08/2016 11:12:38 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/08/2016 7:08:31 PM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.10.4.72 for the Network Card with network address 0016CF6B0602 has been denied by the DHCP server 192.168.169.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 01/08/2016 7:06:23 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error:  %1 is not a valid Win32 application.  

Log: 'System' Date/Time: 01/08/2016 1:27:46 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 01/08/2016 1:27:46 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. .

Log: 'System' Date/Time: 01/08/2016 1:27:46 PM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  

Log: 'System' Date/Time: 01/08/2016 1:27:41 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 01/08/2016 1:27:41 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. .

Log: 'System' Date/Time: 01/08/2016 1:27:41 PM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  

Log: 'System' Date/Time: 01/08/2016 1:23:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error:  %1 is not a valid Win32 application.  

Log: 'System' Date/Time: 01/08/2016 1:22:36 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/08/2016 1:20:02 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2016 12:34:55 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/08/2016 8:16:38 PM
Type: warning Category: 0
Event: 1006 Source: Dhcp
Your computer was unable to automatically configure the IP parameters for the Network Card with the network address 0016CF6B0602.  The following error occurred during configuration: The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address. .

Log: 'System' Date/Time: 01/08/2016 7:09:32 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0016CF6B0602.  The IP address being used is 169.254.239.32.

Log: 'System' Date/Time: 01/08/2016 7:06:26 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/08/2016 1:23:51 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.
 

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
alg.exe        1,136 K    3,508 K    1280    Application Layer Gateway Service    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
AvastSvc.exe        40,104 K    38,648 K    1576    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
avastui.exe        25,240 K    13,264 K    2688    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
BCMWLTRY.EXE        3,844 K    8,224 K    1540    DW WLAN Card Wireless Network Controller    Dell Inc.    (No signature was present in the subject) Dell Inc.
c2c_service.exe        3,516 K    6,048 K    196    Skype C2C Service    Skype Technologies S.A.    (Verified) Skype Technologies SA
csrss.exe        1,700 K    3,816 K    832    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
ctfmon.exe        872 K    3,596 K    2880    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
hkcmd.exe        688 K    2,880 K    2768    hkcmd Module    Intel Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
hpqste08.exe        10,316 K    15,496 K    3452    HP CUE Status    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
hpqtra08.exe        7,568 K    10,772 K    3076    HP Digital Imaging Monitor    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
hprblog.exe        788 K    2,796 K    3564    Hewlett-Packard Product Assistant    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
hpwuSchd2.exe        584 K    2,204 K    2648    Hewlett-Packard Product Assistant    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
igfxpers.exe        668 K    2,928 K    2844    persistence Module    Intel Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
instup.exe        73,992 K    74,360 K    3828    avast! Antivirus Installer    AVAST Software    (Verified) AVAST Software a.s.
lsass.exe        3,812 K    896 K    912    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
msmsgs.exe        1,368 K    2,040 K    2868    Windows Messenger    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
notepad.exe        980 K    736 K    2504    Notepad    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
QuickDCF2.exe        1,064 K    3,984 K    3004    Exif Launcher 2    FUJIFILM Corporation    (No signature was present in the subject) FUJIFILM Corporation
rundll32.exe        1,952 K    2,864 K    2572    Run a DLL as an App    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
scardsvr.exe        864 K    2,592 K    1860    Smart Card Resource Management Server    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
services.exe        1,704 K    3,468 K    900    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
smss.exe        172 K    408 K    784    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
spoolsv.exe        4,016 K    6,176 K    1792    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        3,116 K    5,016 K    1088    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,916 K    4,468 K    1156    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        2,336 K    3,260 K    1236    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,336 K    3,528 K    1284    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,772 K    4,688 K    1380    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        2,396 K    4,280 K    344    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        14,592 K    24,976 K    1196    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
UpdateChecker.exe        34,128 K    32,524 K    2916    FileHippo.com Update Checker    FileHippo.com    (No signature was present in the subject) FileHippo.com
winlogon.exe        6,664 K    2,360 K    856    Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
WLTRAY.EXE        2,364 K    7,184 K    2668    DW WLAN Card Wireless Network Tray Applet    Dell Inc.    (No signature was present in the subject) Dell Inc.
WLTRYSVC.EXE        400 K    1,576 K    1508            (No signature was present in the subject)
wmiprvse.exe        1,820 K    4,780 K    3912    WMI    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
wscntfy.exe        548 K    2,240 K    1712    Windows Security Center Notification App    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
explorer.exe    0.77    15,352 K    23,232 K    2316    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
System    0.77    0 K    252 K    4            
procexp.exe    2.31    26,540 K    23,396 K    2644    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    3.08    372,088 K    373,004 K    3572    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
System Idle Process    93.08    0 K    28 K    0            
 


#6
RKinner

Log: 'System' Date/Time: 02/08/2016 12:34:47 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error:  %1 is not a valid Win32 application.  

 

 

The XAudioService is sometimes associated with a Zero Access infection so I think I will have this moved to our Malware forum.

  • Get FRST from
  • You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  (Expect you have a 32 bit system)  Only one will work and that's the right one.
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
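
One way to triage a VEW report like the one posted above, as an added example that is not part of the thread or of VEW itself: it parses the records, counts repeats per source and event ID, and pulls out services whose start failed with "%1 is not a valid Win32 application" (the text of Win32 error 193, meaning the file registered for the service could not be loaded as an executable). The sample is an excerpt of the report above; the function names and the assumption that each message fits on one line are this example's own.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Excerpt of the VEW report above: two header lines of fields, the
# Event/Source line, then a one-line message. Dates are dd/mm/yyyy.
SAMPLE = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/08/2016 12:47:36 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2016 12:34:47 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error:  %1 is not a valid Win32 application.

Log: 'System' Date/Time: 01/08/2016 11:15:06 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/08/2016 7:06:23 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error:  %1 is not a valid Win32 application.

Log: 'System' Date/Time: 01/08/2016 1:23:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error:  %1 is not a valid Win32 application.
"""

RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+?)[ \t]*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)[ \t]*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+?)[ \t]*\n"
    r"(?P<message>[^\n]*)",
    re.MULTILINE,
)
SCM_FAIL = re.compile(
    r"^The (?P<svc>.+?) service failed to start due to the following error:\s*(?P<err>.+)$"
)
BAD_IMAGE = "is not a valid Win32 application"  # message text of Win32 error 193


def parse_vew(text):
    """Return one dict per event record; report headers are skipped."""
    events = []
    for m in RECORD.finditer(text):
        ev = m.groupdict()
        ev["event"] = int(ev["event"])
        ev["message"] = ev["message"].strip()
        ev["when"] = datetime.strptime(ev["when"], "%d/%m/%Y %I:%M:%S %p")
        events.append(ev)
    return events


def recurring(events):
    """Count events per (source, event id), most frequent first."""
    return Counter((e["source"], e["event"]) for e in events).most_common()


def bad_image_services(events):
    """Map service name -> sorted start-failure times for error 193."""
    hits = defaultdict(list)
    for e in events:
        if e["source"] != "Service Control Manager" or e["event"] != 7000:
            continue
        m = SCM_FAIL.match(e["message"])
        if m and BAD_IMAGE in m.group("err"):
            hits[m.group("svc")].append(e["when"])
    return {svc: sorted(times) for svc, times in hits.items()}


if __name__ == "__main__":
    events = parse_vew(SAMPLE)
    for (source, event_id), count in recurring(events):
        print(f"{count:3d}  {source}  {event_id}")
    for svc, times in bad_image_services(events).items():
        print(f"{svc}: {len(times)} failed starts, "
              f"first {times[0]:%Y-%m-%d %H:%M}, last {times[-1]:%Y-%m-%d %H:%M}")
```

A service that fails this way on every boot is worth following up by looking at the file its registry entry points to, which is what the FRST scan requested above collects.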

#7
monkeyboyblues


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
    Ran by Administrator (administrator) on LATITUDED620 (02-08-2016 13:47:19)
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\WINDOWS\system32\WLTRYSVC.EXE
    (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
    (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
    (FUJIFILM Corporation) C:\Program Files\FinePixViewer\QuickDCF2.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
    HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
    HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
    HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-11] (AVAST Software)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-07-14] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-07-14] (Intel Corporation)
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
    HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    HKU\S-1-5-21-515967899-1604221776-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-01-28] (AVAST Software)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk [2011-09-29]
    ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-10-04]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.2.2.2
    Tcpip\..\Interfaces\{3D27322F-F708-4BD9-BFB0-B4DBBD8B4353}: [DhcpNameServer] 192.168.1.1 192.168.0.1
    Tcpip\..\Interfaces\{9C365071-9F7B-41CF-AA92-AF6A97F3D08C}: [DhcpNameServer] 8.8.8.8 4.2.2.2

    Internet Explorer:
    ==================
    HKU\S-1-5-21-515967899-1604221776-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-28] (AVAST Software)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-28] (AVAST Software)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default
    FF Homepage: hxxps://www.ixquick.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_111.dll [2016-07-27] ()
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-07] (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Extension: Video DownloadHelper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-07-05]
    FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-05]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-07-06] [not signed]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-07-06] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-28] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-28]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-28]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-28]
    CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-28]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-28]
    CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-28]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-28] (AVAST Software)
    S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
    R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) [File not signed]
    S2 XAudioService; C:\WINDOWS\system32\DRIVERS\xaudio.exe [386560 2006-08-04] (Conexant Systems, Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-05] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-28] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-19] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-28] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-28] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-28] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-19] ()
    R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys [986624 2006-10-18] (Conexant Systems, Inc.) [File not signed]
    R3 HSXHWAZL; C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys [206848 2006-10-18] (Conexant Systems, Inc.) [File not signed]
    R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Conexant) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 PCX500; C:\WINDOWS\System32\DRIVERS\pcx500.sys [169984 2008-04-13] (Cisco Systems)
    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
    R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [659968 2006-10-18] (Conexant Systems, Inc.) [File not signed]
    R2 XAudio; C:\WINDOWS\System32\DRIVERS\xaudio.sys [8192 2006-08-04] (Conexant Systems, Inc.) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-02 13:47 - 2016-08-02 13:48 - 00026535 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
    2016-08-02 13:47 - 2016-08-02 13:47 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
    2016-08-02 12:53 - 2016-08-02 12:53 - 00005299 _____ C:\Documents and Settings\Administrator\Desktop\System Idle Process.txt
    2016-08-02 12:48 - 2016-08-02 12:49 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\Desktop\procexp.exe
    2016-08-02 12:47 - 2016-08-02 12:47 - 00005111 _____ C:\VEW.txt
    2016-08-02 12:46 - 2016-08-02 12:46 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
    2016-08-02 12:44 - 2016-08-02 12:44 - 00087510 _____ C:\Documents and Settings\Administrator\Desktop\3470_001.pdf
    2016-08-01 13:05 - 2016-08-01 13:07 - 209185064 _____ C:\Documents and Settings\Administrator\Desktop\Tchaikovsky - Symphony No 5 in E minor, Op 64 - Mravinsky.mp4
    2016-08-01 13:03 - 2016-08-01 13:06 - 158007980 _____ C:\Documents and Settings\Administrator\Desktop\P. I. Tchaikovsky - Violin Concerto in D major, Op. 35 - Itz.mp4
    2016-08-01 13:00 - 2016-08-01 13:03 - 299619482 _____ C:\Documents and Settings\Administrator\Desktop\Russian Easter Overture, op. 36. Nikolai Rimsky-Korsakov (18.mp4
    2016-07-20 17:21 - 2016-07-20 17:24 - 125133196 _____ C:\Documents and Settings\Administrator\Desktop\How to Set your Training for Muscle Growth.mp4
    2016-07-18 10:30 - 2006-07-14 17:03 - 00139264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
    2016-07-18 10:26 - 2006-07-14 17:49 - 00023232 _____ C:\WINDOWS\system32\igxpxs32.vp
    2016-07-18 10:26 - 2006-07-14 17:30 - 01170140 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ialmnt5.sys
    2016-07-18 10:26 - 2006-07-14 17:29 - 00956026 _____ (Intel Corporation) C:\WINDOWS\system32\ialmdd5.dll
    2016-07-18 10:26 - 2006-07-14 17:22 - 00238650 _____ (Intel Corporation) C:\WINDOWS\system32\ialmdev5.dll
    2016-07-18 10:26 - 2006-07-14 17:22 - 00121467 _____ (Intel Corporation) C:\WINDOWS\system32\ialmdnt5.dll
    2016-07-18 10:26 - 2006-07-14 17:22 - 00061440 _____ (Intel Corporation) C:\WINDOWS\system32\iAlmCoIn_v4634.dll
    2016-07-18 10:26 - 2006-07-14 17:22 - 00049152 _____ (Intel Corporation) C:\WINDOWS\system32\ialmrem.dll
    2016-07-18 10:26 - 2006-07-14 17:22 - 00045694 _____ (Intel Corporation) C:\WINDOWS\system32\ialmrnt5.dll
    2016-07-18 10:26 - 2006-07-14 17:15 - 00524288 _____ (Intel Corporation) C:\WINDOWS\system32\igldev32.dll
    2016-07-18 10:26 - 2006-07-14 17:14 - 02318336 _____ (Intel Corporation) C:\WINDOWS\system32\iglicd32.dll
    2016-07-18 10:26 - 2006-07-14 17:08 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00151552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00151552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresp.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00143360 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00131072 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00118784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    2016-07-18 10:26 - 2006-07-14 17:08 - 00098304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00098304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00081920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00081920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
    2016-07-18 10:26 - 2006-07-14 17:08 - 00040960 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
    2016-07-18 10:26 - 2006-07-14 17:07 - 01503232 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
    2016-07-18 10:26 - 2006-07-14 17:07 - 00143360 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
    2016-07-18 10:26 - 2006-07-14 17:07 - 00114688 _____ (Intel Corporation) C:\WINDOWS\system32\igfxzoom.exe
    2016-07-18 10:26 - 2006-07-14 17:07 - 00094208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
    2016-07-18 10:26 - 2006-07-14 17:07 - 00094208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
    2016-07-18 10:26 - 2006-07-14 17:06 - 00450560 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcfg.exe
    2016-07-18 10:26 - 2006-07-14 17:06 - 00081920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
    2016-07-18 10:26 - 2006-07-14 17:04 - 00163840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    2016-07-18 10:26 - 2006-07-14 17:04 - 00086016 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
    2016-07-18 10:26 - 2006-07-14 17:04 - 00061440 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
    2016-07-18 10:26 - 2006-07-14 17:03 - 00139264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
    2016-07-18 10:26 - 2006-07-14 17:03 - 00139264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
    2016-07-18 10:26 - 2006-07-14 16:58 - 00524850 _____ C:\WINDOWS\system32\igxpxa32.cpa
    2016-07-18 10:26 - 2006-07-14 16:58 - 00058704 _____ C:\WINDOWS\system32\igxpxk32.vp
    2016-07-18 10:26 - 2006-07-14 16:58 - 00000929 _____ C:\WINDOWS\system32\igxpxa32.vp
    2016-07-18 10:25 - 2016-07-18 10:25 - 04682616 _____ C:\Documents and Settings\Administrator\Desktop\R135765.EXE
    2016-07-18 10:25 - 2006-07-14 17:04 - 00077824 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    2016-07-18 10:25 - 2006-07-14 17:03 - 00073728 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
    2016-07-14 11:21 - 2016-07-14 11:22 - 00025280 _____ C:\Documents and Settings\Administrator\Desktop\MTB.txt
    2016-07-14 11:19 - 2016-07-14 11:19 - 00892416 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
    2016-07-14 11:19 - 2016-07-14 11:19 - 00002401 _____ C:\Documents and Settings\Administrator\Desktop\FSS.txt
    2016-07-14 11:18 - 2016-07-14 11:18 - 00899584 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
    2016-07-14 11:11 - 2016-07-14 11:11 - 00248961 _____ C:\Documents and Settings\Administrator\Desktop\STATUS-COURSE-CONTRACT.pdf
    2016-07-14 11:06 - 2016-07-14 11:06 - 00101104 _____ C:\Documents and Settings\Administrator\Desktop\f9465.pdf
    2016-07-13 15:38 - 2016-07-13 15:39 - 00175459 _____ C:\Documents and Settings\Administrator\Desktop\i9465.pdf
    2016-07-13 15:37 - 2016-07-13 15:37 - 00439526 _____ C:\Documents and Settings\Administrator\Desktop\i1040sc--2014.pdf
    2016-07-12 10:00 - 2016-07-20 17:10 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-07-12 09:29 - 2016-07-12 09:29 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2016-07-12 09:29 - 2016-07-12 09:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-07-12 09:29 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-07-12 09:29 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-07-12 09:24 - 2016-07-12 09:29 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-07-11 16:08 - 2016-07-12 22:03 - 00000000 ____D C:\AdwCleaner
    2016-07-11 16:07 - 2016-07-11 16:07 - 03712064 _____ C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    2016-07-10 16:49 - 2016-07-10 16:49 - 02485096 _____ C:\Documents and Settings\Administrator\Desktop\i1040a--2014.pdf
    2016-07-09 12:38 - 2016-07-09 12:39 - 01610560 _____ (Malwarebytes) C:\Documents and Settings\Administrator\Desktop\JRT.exe
    2016-07-07 13:25 - 2016-08-02 13:47 - 00000000 ____D C:\FRST
    2016-07-07 13:24 - 2016-08-02 13:47 - 01744384 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
    2016-07-06 10:00 - 2016-07-09 12:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-07-04 10:38 - 2016-07-04 10:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iolo
    2016-07-04 10:38 - 2016-07-04 10:45 - 00065536 _____ C:\WINDOWS\system32\config\iolo App.evt
    2016-07-04 10:38 - 2016-07-04 10:38 - 00074703 _____ C:\WINDOWS\system32\mfc45.dat
    2016-07-04 10:38 - 2016-07-04 10:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\iolo

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-02 13:48 - 2011-04-15 15:06 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
    2016-08-02 13:41 - 2013-09-07 01:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-08-02 13:20 - 2014-04-20 17:45 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-02 13:00 - 2014-01-19 13:46 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
    2016-08-02 12:34 - 2014-04-20 17:45 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-02 12:34 - 2011-04-15 15:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-08-01 23:15 - 2011-04-15 15:06 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
    2016-08-01 23:13 - 2011-04-15 15:06 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2016-08-01 23:10 - 2011-10-05 18:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
    2016-08-01 13:03 - 2011-11-17 00:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
    2016-08-01 12:03 - 2014-01-28 17:13 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
    2016-08-01 12:02 - 2013-04-08 14:20 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\SCORES
    2016-08-01 11:39 - 2008-04-14 08:00 - 00001374 _____ C:\WINDOWS\system32\wpa.dbl
    2016-07-27 11:42 - 2012-07-10 15:25 - 00800448 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-07-27 11:42 - 2011-11-18 11:32 - 00143040 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-07-21 09:23 - 2011-04-15 15:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
    2016-07-20 17:49 - 2011-04-15 15:06 - 00000000 ____D C:\Documents and Settings\Administrator
    2016-07-18 12:49 - 2012-05-16 11:18 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
    2016-07-18 12:48 - 2012-07-27 20:14 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Finale Files
    2016-07-18 12:48 - 2011-09-29 15:12 - 00000000 ____D C:\Program Files\FinePixViewer
    2016-07-18 10:26 - 2011-04-15 09:41 - 00000000 ___HD C:\WINDOWS\inf
    2016-07-14 10:53 - 2012-08-30 18:32 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2016-07-12 11:45 - 2012-06-07 23:21 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\FinePrint files
    2016-07-12 10:25 - 2011-04-15 15:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
    2016-07-12 09:29 - 2012-06-30 16:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2016-07-12 09:24 - 2012-06-30 16:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2016-07-12 09:24 - 2012-06-30 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2016-07-10 16:52 - 2012-05-16 19:13 - 00000000 ____D C:\Documents and Settings\Administrator\dwhelper
    2016-07-09 12:28 - 2011-04-15 15:03 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
    2016-07-06 19:15 - 2012-05-23 10:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-07-06 10:55 - 2013-10-20 18:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
    2016-07-06 09:37 - 2012-06-30 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2016-07-05 09:44 - 2011-04-15 14:59 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-07-04 13:59 - 2011-11-14 22:23 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2016-07-04 13:59 - 2011-04-15 16:14 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2016-07-04 10:44 - 2011-04-15 15:26 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
    2016-07-04 10:44 - 2011-04-15 09:41 - 00000000 ____D C:\WINDOWS\Help
    2016-07-03 10:15 - 2015-08-15 14:21 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Solutions for Creditors

    ==================== Files in the root of some directories =======

    2012-05-16 19:21 - 2014-04-01 17:11 - 0019968 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-13 21:12 - 2012-08-13 21:12 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    2013-07-10 23:15 - 2013-11-16 15:15 - 0019472 __RSH () C:\Documents and Settings\All Users\Application Data\3002.abs
    2013-07-10 23:15 - 2014-03-18 17:12 - 0000100 __RSH () C:\Documents and Settings\All Users\Application Data\3002.xml
    2011-10-04 11:17 - 2012-08-13 21:22 - 0002399 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
    Ran by Administrator (2016-08-02 13:48:56)
    Running from C:\Documents and Settings\Administrator\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2011-04-15 19:02:58)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-515967899-1604221776-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-515967899-1604221776-1417001333-1003 - Limited - Enabled)
    Guest (S-1-5-21-515967899-1604221776-1417001333-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-515967899-1604221776-1417001333-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-515967899-1604221776-1417001333-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Out of date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    5600 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    5600_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    5600Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.61 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.111 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
    avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
    Avery DesignPro (HKLM\...\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}) (Version:  - )
    Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.22.11 - Broadcom Corporation)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    ConverterLite 1.4.0 (HKLM\...\ConverterLite) (Version: 1.4.0 - ConverterLite)
    ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
    CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    DocumentViewer (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.47 - Dell Inc.)
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    EZdrummer (HKLM\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.0 - Toontrack)
    EZXCocktail (HKLM\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.2.4 - Toontrack)
    Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
    FinePix Studio (HKLM\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version:  - )
    FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
    FinePixViewer Ver.5.4 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.4 - FUJIFILM Corporation)
    FinePrint (HKLM\...\FinePrint) (Version: 7.04 - FinePrint Software, LLC)
    FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    HP Document Viewer 5.3 (HKLM\...\HP Document Viewer) (Version: 5.3 - HP)
    HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
    HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
    HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
    HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
    HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
    HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    I-Doser Free (HKLM\...\I-Doser) (Version: 5.0 - I-Doser.com)
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4634 - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Midisport 1x1 1.0.1.0 (HKLM\...\MidiSport1x1) (Version:  - )
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
    NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
    OZ776 SCR Driver V1.1.4.202 (HKLM\...\InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}) (Version: 1.1.4.202 - O2Micro)
    OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202 - O2Micro) Hidden
    PanoStandAlone (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
    Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Toontrack solo (HKLM\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.1 - Toontrack)
    TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    ZSMC USB PC Camera (ZS211) (HKLM\...\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}) (Version: 2007.07.05 - ZSMC)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2011-04-15 16:18 - 2010-10-29 10:14 - 00025088 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
    2011-04-15 16:18 - 2010-10-29 10:14 - 00761856 _____ () C:\WINDOWS\System32\bcm1xsup.dll
    2014-07-03 16:00 - 2014-07-03 15:03 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070301\algo.dll
    2011-04-15 16:18 - 2010-10-29 10:14 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll
    2014-01-19 13:42 - 2014-01-19 13:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2011-09-29 15:12 - 2007-02-16 20:01 - 00081920 _____ () C:\Program Files\FinePixViewer\wia_register_event.dll
    2008-04-14 08:00 - 2008-04-14 08:00 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 08:00 - 2014-01-19 12:27 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1       localhost
    ::1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-515967899-1604221776-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 8.8.8.8 - 4.2.2.2
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe] => Enabled:hpqcopy.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe] => Enabled:hpfccopy.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dmwu.exe] => Enabled:dmwu
    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

    ==================== Restore Points =========================

    23-04-2016 19:30:00 System Checkpoint
    26-04-2016 13:51:22 System Checkpoint
    27-04-2016 19:15:05 System Checkpoint
    29-04-2016 21:13:56 System Checkpoint
    11-05-2016 13:18:03 System Checkpoint
    20-05-2016 10:11:20 System Checkpoint
    26-05-2016 12:11:47 System Checkpoint
    28-05-2016 19:42:45 System Checkpoint
    31-05-2016 11:37:39 System Checkpoint
    04-06-2016 14:07:04 System Checkpoint
    06-06-2016 16:31:12 System Checkpoint
    08-06-2016 19:54:37 System Checkpoint
    15-06-2016 09:57:58 System Checkpoint
    16-06-2016 11:16:47 System Checkpoint
    17-06-2016 11:42:27 System Checkpoint
    26-06-2016 15:16:39 System Checkpoint
    28-06-2016 10:22:15 System Checkpoint
    29-06-2016 21:56:28 System Checkpoint
    02-07-2016 21:44:04 System Checkpoint
    03-07-2016 21:57:17 System Checkpoint
    06-07-2016 19:54:51 System Checkpoint
    08-07-2016 09:54:31 Removed NetAssistant
    09-07-2016 12:24:19 Restore Point Created by FRST
    09-07-2016 12:41:41 JRT Pre-Junkware Removal
    10-07-2016 19:06:49 System Checkpoint
    11-07-2016 19:35:41 System Checkpoint
    12-07-2016 21:16:08 System Checkpoint
    15-07-2016 14:01:00 System Checkpoint
    16-07-2016 19:20:19 System Checkpoint
    17-07-2016 19:53:43 System Checkpoint
    22-07-2016 14:39:53 System Checkpoint
    29-07-2016 12:48:01 Installed User Profile Hive Cleanup Service
    01-08-2016 13:13:42 Removed User Profile Hive Cleanup Service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (08/02/2016 01:25:15 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (08/02/2016 01:25:15 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (08/02/2016 01:25:15 PM) (Source: SideBySide) (EventID: 32) (User: )
    Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (08/02/2016 01:14:38 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (08/02/2016 01:14:38 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (08/02/2016 01:14:38 PM) (Source: SideBySide) (EventID: 32) (User: )
    Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (08/02/2016 12:58:46 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (08/02/2016 12:58:46 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (08/02/2016 12:58:46 PM) (Source: SideBySide) (EventID: 32) (User: )
    Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (08/02/2016 12:58:42 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll.
    Reference error message: The operation completed successfully.
    .


    ==================== Memory info ===========================

    Processor: Genuine Intel® CPU T2400 @ 1.83GHz
    Percentage of memory in use: 73%
    Total physical RAM: 1014.11 MB
    Available physical RAM: 266.05 MB
    Total Virtual: 2963.14 MB
    Available Virtual: 2137.18 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.53 GB) (Free:41.81 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: BFFFBFFF)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    • 0

    #8
    RKinner

      Malware Expert

    • Expert
    • 20,007 posts
    • MVP

    Not an infection.  Apparently you need a new Soft56 modem driver.  Looking at Dell there are two Conexant modem drivers so I would try both of them:

    http://www.dell.com/...?driverId=3P747

    http://www.dell.com/...n&categoryId=CM

    See if they will install.

    The other problem I see is that Avast install is hanging.  I would download a new copy then uninstall the old one and reboot then install the new.

    If you still have your slowness problem:

    Start, Run, msconfig, OK
    Go to Services tab and click on the box to hide Microsoft Services then uncheck everything that remains.  Go to Startup tab and uncheck everything.  OK and reboot.  If it doesn't shut down faster then go back into msconfig and recheck the things you turned off.  If it helps then go back and turn on a few items each time until you find the culprit.
