Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Dell Computer Very Slow to Shutdown

Started by monkeyboyblues , Jul 27 2016 10:50 AM

Please log in to reply

#1
monkeyboyblues

Posted 27 July 2016 - 10:50 AM

Member

Member
146 posts

Running XP and have a Dell Lattitude D620.

Lagging when trying to open shutdown menu and lagging when selected to shutdown.

#2
RKinner

Posted 28 July 2016 - 10:38 AM

Malware Expert

Expert
24,625 posts

You might want to try UPHCLEAN:

http://www.majorgeek...up_service.html

If that doesn't help then:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Double-click VEW.exe

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

(Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

#3
monkeyboyblues

Posted 01 August 2016 - 11:31 AM

Member

Topic Starter
Member
146 posts

Having a problem with the event viewer link.

#4
RKinner

Posted 01 August 2016 - 08:14 PM

Malware Expert

Expert
24,625 posts

Seems to work OK. It doesn't take you to a page. Just starts the download.

#5
monkeyboyblues

Posted 02 August 2016 - 10:53 AM

Member

Topic Starter
Member
146 posts

Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/08/2016 12:47:36 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2016 12:34:47 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 01/08/2016 11:15:06 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/08/2016 11:12:38 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/08/2016 7:08:31 PM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.10.4.72 for the Network Card with network address 0016CF6B0602 has been denied by the DHCP server 192.168.169.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 01/08/2016 7:06:23 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 01/08/2016 1:27:46 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 01/08/2016 1:27:46 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. .

Log: 'System' Date/Time: 01/08/2016 1:27:46 PM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Log: 'System' Date/Time: 01/08/2016 1:27:41 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 01/08/2016 1:27:41 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. .

Log: 'System' Date/Time: 01/08/2016 1:27:41 PM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Log: 'System' Date/Time: 01/08/2016 1:23:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 01/08/2016 1:22:36 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/08/2016 1:20:02 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2016 12:34:55 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/08/2016 8:16:38 PM
Type: warning Category: 0
Event: 1006 Source: Dhcp
Your computer was unable to automatically configure the IP parameters for the Network Card with the network address 0016CF6B0602. The following error occurred during configuration: The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address. .

Log: 'System' Date/Time: 01/08/2016 7:09:32 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0016CF6B0602. The IP address being used is 169.254.239.32.

Log: 'System' Date/Time: 01/08/2016 7:06:26 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/08/2016 1:23:51 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
alg.exe       1,136 K   3,508 K   1280   Application Layer Gateway Service   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
AvastSvc.exe       40,104 K   38,648 K   1576   avast! Service   AVAST Software   (Verified) AVAST Software a.s.
avastui.exe       25,240 K   13,264 K   2688   avast! Antivirus   AVAST Software   (Verified) AVAST Software a.s.
BCMWLTRY.EXE       3,844 K   8,224 K   1540   DW WLAN Card Wireless Network Controller   Dell Inc.   (No signature was present in the subject) Dell Inc.
c2c_service.exe       3,516 K   6,048 K   196   Skype C2C Service   Skype Technologies S.A.   (Verified) Skype Technologies SA
csrss.exe       1,700 K   3,816 K   832   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
ctfmon.exe       872 K   3,596 K   2880   CTF Loader   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
hkcmd.exe       688 K   2,880 K   2768   hkcmd Module   Intel Corporation   (Verified) Microsoft Windows Hardware Compatibility Publisher
hpqste08.exe       10,316 K   15,496 K   3452   HP CUE Status   Hewlett-Packard Co.   (No signature was present in the subject) Hewlett-Packard Co.
hpqtra08.exe       7,568 K   10,772 K   3076   HP Digital Imaging Monitor   Hewlett-Packard Co.   (No signature was present in the subject) Hewlett-Packard Co.
hprblog.exe       788 K   2,796 K   3564   Hewlett-Packard Product Assistant   Hewlett-Packard Co.   (No signature was present in the subject) Hewlett-Packard Co.
hpwuSchd2.exe       584 K   2,204 K   2648   Hewlett-Packard Product Assistant   Hewlett-Packard Co.   (No signature was present in the subject) Hewlett-Packard Co.
igfxpers.exe       668 K   2,928 K   2844   persistence Module   Intel Corporation   (Verified) Microsoft Windows Hardware Compatibility Publisher
instup.exe       73,992 K   74,360 K   3828   avast! Antivirus Installer   AVAST Software   (Verified) AVAST Software a.s.
lsass.exe       3,812 K   896 K   912   LSA Shell (Export Version)   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
msmsgs.exe       1,368 K   2,040 K   2868   Windows Messenger   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
notepad.exe       980 K   736 K   2504   Notepad   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
QuickDCF2.exe       1,064 K   3,984 K   3004   Exif Launcher 2   FUJIFILM Corporation   (No signature was present in the subject) FUJIFILM Corporation
rundll32.exe       1,952 K   2,864 K   2572   Run a DLL as an App   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
scardsvr.exe       864 K   2,592 K   1860   Smart Card Resource Management Server   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
services.exe       1,704 K   3,468 K   900   Services and Controller app   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
smss.exe       172 K   408 K   784   Windows NT Session Manager   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
spoolsv.exe       4,016 K   6,176 K   1792   Spooler SubSystem App   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       3,116 K   5,016 K   1088   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       1,916 K   4,468 K   1156   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       2,336 K   3,260 K   1236   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       1,336 K   3,528 K   1284   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       1,772 K   4,688 K   1380   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       2,396 K   4,280 K   344   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       14,592 K   24,976 K   1196   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
UpdateChecker.exe       34,128 K   32,524 K   2916   FileHippo.com Update Checker   FileHippo.com   (No signature was present in the subject) FileHippo.com
winlogon.exe       6,664 K   2,360 K   856   Windows NT Logon Application   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
WLTRAY.EXE       2,364 K   7,184 K   2668   DW WLAN Card Wireless Network Tray Applet   Dell Inc.   (No signature was present in the subject) Dell Inc.
WLTRYSVC.EXE       400 K   1,576 K   1508           (No signature was present in the subject)
wmiprvse.exe       1,820 K   4,780 K   3912   WMI   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
wscntfy.exe       548 K   2,240 K   1712   Windows Security Center Notification App   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
Interrupts   < 0.01   0 K   0 K   n/a   Hardware Interrupts and DPCs
explorer.exe   0.77   15,352 K   23,232 K   2316   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
System   0.77   0 K   252 K   4
procexp.exe   2.31   26,540 K   23,396 K   2644   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
firefox.exe   3.08   372,088 K   373,004 K   3572   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
System Idle Process   93.08   0 K   28 K   0

#6
RKinner

Posted 02 August 2016 - 11:41 AM

Malware Expert

Expert
24,625 posts

Log: 'System' Date/Time: 02/08/2016 12:34:47 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The XAudioService service failed to start due to the following error: %1 is not a valid Win32 application.

The XAudioService is sometimes associated with a Zero Access infection so I think I will have this moved to our Malware forum.

Get FRST from

http://www.bleepingc...very-scan-tool/

You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. (Expect you have a 32 bit system) Only one will work and that's the right one.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Check the Addition.txt box

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#7
monkeyboyblues

Posted 02 August 2016 - 11:50 AM

Member

Topic Starter
Member
146 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by Administrator (administrator) on LATITUDED620 (02-08-2016 13:47:19)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
(FUJIFILM Corporation) C:\Program Files\FinePixViewer\QuickDCF2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-11] (AVAST Software)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-07-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-07-14] (Intel Corporation)
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\zalmaninstaller_52330\otshotcomponent39.exe <====== ATTENTION
HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-515967899-1604221776-1417001333-500\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-515967899-1604221776-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-01-28] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk [2011-09-29]
ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-10-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.2.2.2
Tcpip\..\Interfaces\{3D27322F-F708-4BD9-BFB0-B4DBBD8B4353}: [DhcpNameServer] 192.168.1.1 192.168.0.1
Tcpip\..\Interfaces\{9C365071-9F7B-41CF-AA92-AF6A97F3D08C}: [DhcpNameServer] 8.8.8.8 4.2.2.2

Internet Explorer:
==================
HKU\S-1-5-21-515967899-1604221776-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-28] (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-28] (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default
FF Homepage: hxxps://www.ixquick.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_111.dll [2016-07-27] ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-07] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Video DownloadHelper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-07-05]
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-07-06] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-07-06] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-28] [not signed]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-28]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-28]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-28] (AVAST Software)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) [File not signed]
S2 XAudioService; C:\WINDOWS\system32\DRIVERS\xaudio.exe [386560 2006-08-04] (Conexant Systems, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-28] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-28] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-28] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-19] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys [986624 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys [206848 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Conexant) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 PCX500; C:\WINDOWS\System32\DRIVERS\pcx500.sys [169984 2008-04-13] (Cisco Systems)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [659968 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R2 XAudio; C:\WINDOWS\System32\DRIVERS\xaudio.sys [8192 2006-08-04] (Conexant Systems, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-02 13:47 - 2016-08-02 13:48 - 00026535 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-08-02 13:47 - 2016-08-02 13:47 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2016-08-02 12:53 - 2016-08-02 12:53 - 00005299 _____ C:\Documents and Settings\Administrator\Desktop\System Idle Process.txt
2016-08-02 12:48 - 2016-08-02 12:49 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\Desktop\procexp.exe
2016-08-02 12:47 - 2016-08-02 12:47 - 00005111 _____ C:\VEW.txt
2016-08-02 12:46 - 2016-08-02 12:46 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2016-08-02 12:44 - 2016-08-02 12:44 - 00087510 _____ C:\Documents and Settings\Administrator\Desktop\3470_001.pdf
2016-08-01 13:05 - 2016-08-01 13:07 - 209185064 _____ C:\Documents and Settings\Administrator\Desktop\Tchaikovsky - Symphony No 5 in E minor, Op 64 - Mravinsky.mp4
2016-08-01 13:03 - 2016-08-01 13:06 - 158007980 _____ C:\Documents and Settings\Administrator\Desktop\P. I. Tchaikovsky - Violin Concerto in D major, Op. 35 - Itz.mp4
2016-08-01 13:00 - 2016-08-01 13:03 - 299619482 _____ C:\Documents and Settings\Administrator\Desktop\Russian Easter Overture, op. 36. Nikolai Rimsky-Korsakov (18.mp4
2016-07-20 17:21 - 2016-07-20 17:24 - 125133196 _____ C:\Documents and Settings\Administrator\Desktop\How to Set your Training for Muscle Growth.mp4
2016-07-18 10:30 - 2006-07-14 17:03 - 00139264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2016-07-18 10:26 - 2006-07-14 17:49 - 00023232 _____ C:\WINDOWS\system32\igxpxs32.vp
2016-07-18 10:26 - 2006-07-14 17:30 - 01170140 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ialmnt5.sys
2016-07-18 10:26 - 2006-07-14 17:29 - 00956026 _____ (Intel Corporation) C:\WINDOWS\system32\ialmdd5.dll
2016-07-18 10:26 - 2006-07-14 17:22 - 00238650 _____ (Intel Corporation) C:\WINDOWS\system32\ialmdev5.dll
2016-07-18 10:26 - 2006-07-14 17:22 - 00121467 _____ (Intel Corporation) C:\WINDOWS\system32\ialmdnt5.dll
2016-07-18 10:26 - 2006-07-14 17:22 - 00061440 _____ (Intel Corporation) C:\WINDOWS\system32\iAlmCoIn_v4634.dll
2016-07-18 10:26 - 2006-07-14 17:22 - 00049152 _____ (Intel Corporation) C:\WINDOWS\system32\ialmrem.dll
2016-07-18 10:26 - 2006-07-14 17:22 - 00045694 _____ (Intel Corporation) C:\WINDOWS\system32\ialmrnt5.dll
2016-07-18 10:26 - 2006-07-14 17:15 - 00524288 _____ (Intel Corporation) C:\WINDOWS\system32\igldev32.dll
2016-07-18 10:26 - 2006-07-14 17:14 - 02318336 _____ (Intel Corporation) C:\WINDOWS\system32\iglicd32.dll
2016-07-18 10:26 - 2006-07-14 17:08 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00151552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00151552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresp.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00143360 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00131072 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00118784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2016-07-18 10:26 - 2006-07-14 17:08 - 00098304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00098304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00081920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00081920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2016-07-18 10:26 - 2006-07-14 17:08 - 00040960 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2016-07-18 10:26 - 2006-07-14 17:07 - 01503232 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2016-07-18 10:26 - 2006-07-14 17:07 - 00143360 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2016-07-18 10:26 - 2006-07-14 17:07 - 00114688 _____ (Intel Corporation) C:\WINDOWS\system32\igfxzoom.exe
2016-07-18 10:26 - 2006-07-14 17:07 - 00094208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2016-07-18 10:26 - 2006-07-14 17:07 - 00094208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2016-07-18 10:26 - 2006-07-14 17:06 - 00450560 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcfg.exe
2016-07-18 10:26 - 2006-07-14 17:06 - 00081920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2016-07-18 10:26 - 2006-07-14 17:04 - 00163840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2016-07-18 10:26 - 2006-07-14 17:04 - 00086016 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2016-07-18 10:26 - 2006-07-14 17:04 - 00061440 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2016-07-18 10:26 - 2006-07-14 17:03 - 00139264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2016-07-18 10:26 - 2006-07-14 17:03 - 00139264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2016-07-18 10:26 - 2006-07-14 16:58 - 00524850 _____ C:\WINDOWS\system32\igxpxa32.cpa
2016-07-18 10:26 - 2006-07-14 16:58 - 00058704 _____ C:\WINDOWS\system32\igxpxk32.vp
2016-07-18 10:26 - 2006-07-14 16:58 - 00000929 _____ C:\WINDOWS\system32\igxpxa32.vp
2016-07-18 10:25 - 2016-07-18 10:25 - 04682616 _____ C:\Documents and Settings\Administrator\Desktop\R135765.EXE
2016-07-18 10:25 - 2006-07-14 17:04 - 00077824 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2016-07-18 10:25 - 2006-07-14 17:03 - 00073728 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2016-07-14 11:21 - 2016-07-14 11:22 - 00025280 _____ C:\Documents and Settings\Administrator\Desktop\MTB.txt
2016-07-14 11:19 - 2016-07-14 11:19 - 00892416 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
2016-07-14 11:19 - 2016-07-14 11:19 - 00002401 _____ C:\Documents and Settings\Administrator\Desktop\FSS.txt
2016-07-14 11:18 - 2016-07-14 11:18 - 00899584 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FSS.exe
2016-07-14 11:11 - 2016-07-14 11:11 - 00248961 _____ C:\Documents and Settings\Administrator\Desktop\STATUS-COURSE-CONTRACT.pdf
2016-07-14 11:06 - 2016-07-14 11:06 - 00101104 _____ C:\Documents and Settings\Administrator\Desktop\f9465.pdf
2016-07-13 15:38 - 2016-07-13 15:39 - 00175459 _____ C:\Documents and Settings\Administrator\Desktop\i9465.pdf
2016-07-13 15:37 - 2016-07-13 15:37 - 00439526 _____ C:\Documents and Settings\Administrator\Desktop\i1040sc--2014.pdf
2016-07-12 10:00 - 2016-07-20 17:10 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-12 09:29 - 2016-07-12 09:29 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-12 09:29 - 2016-07-12 09:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-12 09:29 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-12 09:29 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-12 09:24 - 2016-07-12 09:29 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-11 16:08 - 2016-07-12 22:03 - 00000000 ____D C:\AdwCleaner
2016-07-11 16:07 - 2016-07-11 16:07 - 03712064 _____ C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2016-07-10 16:49 - 2016-07-10 16:49 - 02485096 _____ C:\Documents and Settings\Administrator\Desktop\i1040a--2014.pdf
2016-07-09 12:38 - 2016-07-09 12:39 - 01610560 _____ (Malwarebytes) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2016-07-07 13:25 - 2016-08-02 13:47 - 00000000 ____D C:\FRST
2016-07-07 13:24 - 2016-08-02 13:47 - 01744384 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-07-06 10:00 - 2016-07-09 12:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-04 10:38 - 2016-07-04 10:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iolo
2016-07-04 10:38 - 2016-07-04 10:45 - 00065536 _____ C:\WINDOWS\system32\config\iolo App.evt
2016-07-04 10:38 - 2016-07-04 10:38 - 00074703 _____ C:\WINDOWS\system32\mfc45.dat
2016-07-04 10:38 - 2016-07-04 10:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\iolo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-02 13:48 - 2011-04-15 15:06 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-08-02 13:41 - 2013-09-07 01:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-02 13:20 - 2014-04-20 17:45 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-02 13:00 - 2014-01-19 13:46 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-08-02 12:34 - 2014-04-20 17:45 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-02 12:34 - 2011-04-15 15:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-01 23:15 - 2011-04-15 15:06 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
2016-08-01 23:13 - 2011-04-15 15:06 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-08-01 23:10 - 2011-10-05 18:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2016-08-01 13:03 - 2011-11-17 00:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-08-01 12:03 - 2014-01-28 17:13 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-08-01 12:02 - 2013-04-08 14:20 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\SCORES
2016-08-01 11:39 - 2008-04-14 08:00 - 00001374 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-27 11:42 - 2012-07-10 15:25 - 00800448 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-27 11:42 - 2011-11-18 11:32 - 00143040 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-21 09:23 - 2011-04-15 15:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-07-20 17:49 - 2011-04-15 15:06 - 00000000 ____D C:\Documents and Settings\Administrator
2016-07-18 12:49 - 2012-05-16 11:18 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2016-07-18 12:48 - 2012-07-27 20:14 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Finale Files
2016-07-18 12:48 - 2011-09-29 15:12 - 00000000 ____D C:\Program Files\FinePixViewer
2016-07-18 10:26 - 2011-04-15 09:41 - 00000000 ___HD C:\WINDOWS\inf
2016-07-14 10:53 - 2012-08-30 18:32 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-07-12 11:45 - 2012-06-07 23:21 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\FinePrint files
2016-07-12 10:25 - 2011-04-15 15:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-07-12 09:29 - 2012-06-30 16:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2016-07-12 09:24 - 2012-06-30 16:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-07-12 09:24 - 2012-06-30 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-07-10 16:52 - 2012-05-16 19:13 - 00000000 ____D C:\Documents and Settings\Administrator\dwhelper
2016-07-09 12:28 - 2011-04-15 15:03 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-07-06 19:15 - 2012-05-23 10:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-06 10:55 - 2013-10-20 18:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
2016-07-06 09:37 - 2012-06-30 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-07-05 09:44 - 2011-04-15 14:59 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-04 13:59 - 2011-11-14 22:23 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-04 13:59 - 2011-04-15 16:14 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-07-04 10:44 - 2011-04-15 15:26 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2016-07-04 10:44 - 2011-04-15 09:41 - 00000000 ____D C:\WINDOWS\Help
2016-07-03 10:15 - 2015-08-15 14:21 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Solutions for Creditors

==================== Files in the root of some directories =======

2012-05-16 19:21 - 2014-04-01 17:11 - 0019968 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-13 21:12 - 2012-08-13 21:12 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-07-10 23:15 - 2013-11-16 15:15 - 0019472 __RSH () C:\Documents and Settings\All Users\Application Data\3002.abs
2013-07-10 23:15 - 2014-03-18 17:12 - 0000100 __RSH () C:\Documents and Settings\All Users\Application Data\3002.xml
2011-10-04 11:17 - 2012-08-13 21:22 - 0002399 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Administrator (2016-08-02 13:48:56)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-04-15 19:02:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-515967899-1604221776-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515967899-1604221776-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-515967899-1604221776-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-515967899-1604221776-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-515967899-1604221776-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5600 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.61 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.111 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Audacity 2.0 (HKLM\...\Audacity_is1) (Version: - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
Avery DesignPro (HKLM\...\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}) (Version: - )
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.22.11 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
ConverterLite 1.4.0 (HKLM\...\ConverterLite) (Version: 1.4.0 - ConverterLite)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.47 - Dell Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EZdrummer (HKLM\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.0 - Toontrack)
EZXCocktail (HKLM\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.2.4 - Toontrack)
Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FinePix Studio (HKLM\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version: - )
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.4 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.4 - FUJIFILM Corporation)
FinePrint (HKLM\...\FinePrint) (Version: 7.04 - FinePrint Software, LLC)
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version: - )
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HP Document Viewer 5.3 (HKLM\...\HP Document Viewer) (Version: 5.3 - HP)
HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version: - HP)
HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
I-Doser Free (HKLM\...\I-Doser) (Version: 5.0 - I-Doser.com)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4634 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Midisport 1x1 1.0.1.0 (HKLM\...\MidiSport1x1) (Version: - )
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version: - )
NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OZ776 SCR Driver V1.1.4.202 (HKLM\...\InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}) (Version: 1.1.4.202 - O2Micro)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202 - O2Micro) Hidden
PanoStandAlone (Version: 53.0.13.000 - Hewlett-Packard) Hidden
ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toontrack solo (HKLM\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.1 - Toontrack)
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
ZSMC USB PC Camera (ZS211) (HKLM\...\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}) (Version: 2007.07.05 - ZSMC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-04-15 16:18 - 2010-10-29 10:14 - 00025088 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2011-04-15 16:18 - 2010-10-29 10:14 - 00761856 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-07-03 16:00 - 2014-07-03 15:03 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070301\algo.dll
2011-04-15 16:18 - 2010-10-29 10:14 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll
2014-01-19 13:42 - 2014-01-19 13:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-09-29 15:12 - 2007-02-16 20:01 - 00081920 _____ () C:\Program Files\FinePixViewer\wia_register_event.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 08:00 - 2014-01-19 12:27 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515967899-1604221776-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8 - 4.2.2.2
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dmwu.exe] => Enabled:dmwu
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Restore Points =========================

23-04-2016 19:30:00 System Checkpoint
26-04-2016 13:51:22 System Checkpoint
27-04-2016 19:15:05 System Checkpoint
29-04-2016 21:13:56 System Checkpoint
11-05-2016 13:18:03 System Checkpoint
20-05-2016 10:11:20 System Checkpoint
26-05-2016 12:11:47 System Checkpoint
28-05-2016 19:42:45 System Checkpoint
31-05-2016 11:37:39 System Checkpoint
04-06-2016 14:07:04 System Checkpoint
06-06-2016 16:31:12 System Checkpoint
08-06-2016 19:54:37 System Checkpoint
15-06-2016 09:57:58 System Checkpoint
16-06-2016 11:16:47 System Checkpoint
17-06-2016 11:42:27 System Checkpoint
26-06-2016 15:16:39 System Checkpoint
28-06-2016 10:22:15 System Checkpoint
29-06-2016 21:56:28 System Checkpoint
02-07-2016 21:44:04 System Checkpoint
03-07-2016 21:57:17 System Checkpoint
06-07-2016 19:54:51 System Checkpoint
08-07-2016 09:54:31 Removed NetAssistant
09-07-2016 12:24:19 Restore Point Created by FRST
09-07-2016 12:41:41 JRT Pre-Junkware Removal
10-07-2016 19:06:49 System Checkpoint
11-07-2016 19:35:41 System Checkpoint
12-07-2016 21:16:08 System Checkpoint
15-07-2016 14:01:00 System Checkpoint
16-07-2016 19:20:19 System Checkpoint
17-07-2016 19:53:43 System Checkpoint
22-07-2016 14:39:53 System Checkpoint
29-07-2016 12:48:01 Installed User Profile Hive Cleanup Service
01-08-2016 13:13:42 Removed User Profile Hive Cleanup Service

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/02/2016 01:25:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (08/02/2016 01:25:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (08/02/2016 01:25:15 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (08/02/2016 01:14:38 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (08/02/2016 01:14:38 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (08/02/2016 01:14:38 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (08/02/2016 12:58:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (08/02/2016 12:58:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC140.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (08/02/2016 12:58:46 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (08/02/2016 12:58:42 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll.
Reference error message: The operation completed successfully.
.

==================== Memory info ===========================

Processor: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of memory in use: 73%
Total physical RAM: 1014.11 MB
Available physical RAM: 266.05 MB
Total Virtual: 2963.14 MB
Available Virtual: 2137.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:41.81 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: BFFFBFFF)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================