Laptop not performing well

slow


#1 BAMBAM3 (Member, 39 posts)

Recently my laptop has been acting up,  here's a rundown of what I've experienced...

 

can't remove programs either with cc cleaner or remove/add programs

laptop seems to work fine for about 30 min then everything runs slow.

programs take long to load

web browser is slow to load, once running it's slow to load pages and/or stop working

when I run in safe mode w/networking everything is fast

no sound

I can't download, if I am able to download I have to do it within 5-10min otherwise laptop won't do anything.

 

I need help figuring out what can be wrong.

 

Thank you in advance




#2 RKinner (Malware Expert, 20,029 posts, MVP)

Normally working OK for 30 minutes and then slowing down would indicate overheating caused by dust buildup.  Since it does work OK in safe mode  w/ networking you may have a program running in regular mode which is overdriving the CPU and causing the overheating.

 

Try downloading:

 

Process Explorer in Safe Mode w/ networking

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

Shutdown.

Then boot into regular mode (let it cool down a bit before you restart it)

and repeat the creating a log process.

 

You may want to try to download speedfan to monitor your temps:

 

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time, though the default is to show the hard drive temp in the systray. You can change it: hit Configure, then click on the highest temp and check Show in tray.

 

Also tell me which version of Windows this is.

 

If you can:

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Safe Mode will work but regular mode would be best.

 

As an option, in safe mode, search for:

 

msconfig

 

hit Enter

Go to the Services tab and click on the box to hide Microsoft Services, then uncheck everything that remains. Go to the Startup tab and uncheck everything. OK and reboot into regular mode. Do you still have the problem? If not, one of the items you unchecked is the culprit. You can go back into msconfig and recheck about half of the items, then reboot and see if it comes back. If not, recheck half of the remaining items and reboot. Takes a while, but you may be able to find and leave unchecked the culprit.

 

 



#3 BAMBAM3 (Topic Starter, Member, 39 posts)

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
AdAwareService.exe        307,928 K    185,112 K    1640    Ad-Aware service    Lavasoft    (Verified) Lavasoft Limited
AdAwareTray.exe        12,280 K    17,864 K    316    Ad-Aware tray    Lavasoft    (Verified) Lavasoft Limited
csrss.exe        1,564 K    13,492 K    1216    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
explorer.exe        12,296 K    18,888 K    896    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
firefox.exe        239,500 K    242,780 K    2480    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
lsass.exe        2,692 K    1,548 K    1296    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
MBAMService.exe        137,036 K    144,664 K    1700    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
mbamtray.exe        21,780 K    26,848 K    2672    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
procexp.exe        20,780 K    26,376 K    2956    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
services.exe        1,740 K    3,448 K    1284    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
smss.exe        172 K    432 K    1164    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,792 K    4,292 K    1532    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,528 K    3,840 K    1928    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,124 K    3,024 K    232    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        9,820 K    16,876 K    1752    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        3,032 K    4,952 K    1468    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
System        0 K    232 K    4            
winlogon.exe        3,660 K    3,044 K    1240    Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
wmiprvse.exe        1,848 K    5,036 K    3828    WMI    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
System Idle Process    100.00    0 K    28 K    0            

 


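As an added example (not code from the thread or from Sysinternals), here is a small Python triage pass over a Process Explorer "File > Save As" export of the kind posted above: it lists processes whose Verified Signer column does not begin with "(Verified)" and the heaviest CPU users, skipping the pseudo-processes (System, Interrupts, System Idle Process) that have no image to sign. The column layout follows the header row in post #3; the sample rows, their CPU values and the two non-verified signer strings are constructed for the example.

```python
"""Triage a Process Explorer "File > Save As" export (added example, not Sysinternals code)."""
from typing import Dict, List, Tuple

# Pseudo-processes have no image file on disk, so they can never show a signer.
PSEUDO_PROCESSES = {"System", "Interrupts", "System Idle Process"}

# Constructed sample in the tab-separated export layout posted in the thread.
# The header row matches post #3; CPU values and the two non-verified signer
# strings (updater.exe, helper.exe) are made up for the example.
SAMPLE_EXPORT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "AdAwareService.exe\t\t307,928 K\t185,112 K\t1640\tAd-Aware service\tLavasoft\t(Verified) Lavasoft Limited",
    "firefox.exe\t12.50\t239,500 K\t242,780 K\t2480\tFirefox\tMozilla Corporation\t(Verified) Mozilla Corporation",
    "updater.exe\t48.30\t90,112 K\t95,004 K\t3100\tUpdater\tExample Corp\t(No signature was present in the subject) Example Corp",
    "helper.exe\t< 0.01\t1,024 K\t2,048 K\t3200\t\t\t(Unable to verify) Unknown",
    "System\t\t0 K\t232 K\t4\t\t\t",
    "Interrupts\t< 0.01\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    "System Idle Process\t38.20\t0 K\t28 K\t0\t\t\t",
])


def parse_cpu(cell: str) -> float:
    """CPU column: blank means idle, '< 0.01' means negligible; both count as 0."""
    cell = cell.strip()
    if not cell or cell.startswith("<"):
        return 0.0
    return float(cell)


def parse_export(text: str) -> List[Dict[str, str]]:
    """Turn the export into one dict per process, keyed by the header row."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    rows: List[Dict[str, str]] = []
    for line in lines[1:]:
        cells = line.split("\t")
        cells += [""] * (len(header) - len(cells))   # pad trailing empty columns
        rows.append(dict(zip(header, cells)))
    return rows


def unverified_processes(rows: List[Dict[str, str]]) -> List[str]:
    """Real processes whose image did not verify; a lead to look into, not a verdict."""
    return [r["Process"] for r in rows
            if r["Process"] not in PSEUDO_PROCESSES
            and not r["Verified Signer"].startswith("(Verified)")]


def top_cpu(rows: List[Dict[str, str]], n: int = 3) -> List[Tuple[str, float]]:
    """Heaviest CPU users; System Idle Process is excluded because it reports spare CPU."""
    busy = [r for r in rows if r["Process"] != "System Idle Process"]
    busy.sort(key=lambda r: parse_cpu(r["CPU"]), reverse=True)
    return [(r["Process"], parse_cpu(r["CPU"])) for r in busy[:n]]


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    print("Unverified:", unverified_processes(rows))
    print("Top CPU:", top_cpu(rows))
```

An unverified signer is a reason to look closer (many legitimate old programs on XP-era machines were never signed), and a quiet snapshot like post #3 is only useful once the slowdown has actually started, which is why the expert asked for a second capture in regular mode.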

#4 BAMBAM3 (Topic Starter, Member, 39 posts)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2017
Ran by Owner (administrator) on DC37XBG1 (16-10-2017 13:52:33)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
() C:\Program Files\MightyText\MightyText.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [hpbdfawep] => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [954368 2007-04-25] ()
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-26] ( )
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-04-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] ()
Winlogon\Notify\gemsafe: C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16] (Gemplus)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7658200 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\RunOnce: [Adobe Speed Launcher] => 1508178899
HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\Policies\Explorer: [NoInstrumentation] 0
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\StartUp\MightyText.lnk [2017-08-30]
ShortcutTarget: MightyText.lnk -> C:\Program Files\MightyText\MightyText.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2353950098-3329062116-105310447-1009\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CA132009-7BFD-4A88-A9CA-4A96555A3DEC}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080520
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2353950098-3329062116-105310447-1009\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2353950098-3329062116-105310447-1009\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.9.1.12&locale=en_US&guid=F695C1C5-CDCE-4F65-A085-1A5D1AC22B78&doi=2016-09-01&gct=sb&qsrc=2869
SearchScopes: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-14] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-2353950098-3329062116-105310447-1009 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default [2017-10-16]
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default\user.js [2014-01-08]
FF DefaultSearchEngine: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default -> Bing
FF DefaultSearchEngine.US: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default -> Bing
FF SearchEngineOrder.1: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default -> Search By ZoneAlarm
FF Homepage: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default -> google.com/
FF Keyword.URL: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default -> hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&gu=e03a708a44834b8cbc46f0ce08229f28&tu=10GXz008x2B0CO0&sku=&tstsId=&ver=&&q=
FF NetworkProxy: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default -> type", 4
FF Extension: (Autofill Forms) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default\Extensions\[email protected] [2017-05-07]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default\Extensions\[email protected] [2017-04-14]
FF Extension: (Ghostery) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default\Extensions\[email protected] [2017-09-02]
FF Extension: (AutoFill Forms) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default\Extensions\[email protected] [2017-05-19]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-16] [not signed]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmqrwhgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2353950098-3329062116-105310447-1009: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix\Plugins\92\npappdetector.dll [2013-02-12] (Citrix Online)

Chrome:
=======
CHR NewTab: Default ->  Not-active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-10-11]
CHR Extension: (Google Slides) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-18]
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-18]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-09]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-18]
CHR Extension: (Norton Home Page for Chrome) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2017-04-27]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Screenwise Meter) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2017-06-01]
CHR Extension: (Screenwise Meter) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbmclfdibpffglligfnnppjocdlhgjbb [2017-06-01]
CHR Extension: (Norton Safe) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-04-27]
CHR Extension: (Office Online) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2017-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-13] (Adobe Systems Incorporated) [File not signed]
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2015-03-12] (Oracle Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [486400 2007-08-31] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1552384 2007-11-08] () [File not signed]
S3 WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [192512 2007-09-13] (Wave Systems Corp.) [File not signed]
S2 cmdAgent; no ImagePath
S3 Fax; no ImagePath
S3 MozillaMaintenance; no ImagePath
S2 ST2012_Svc; no ImagePath
S2 TdmService; no ImagePath
R2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe /Processid:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1254920 2016-01-05] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [261400 2016-01-05] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [638976 2016-01-05] (BitDefender)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-10-09] (Broadcom Corp.)
R3 Bdfndisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfndisf.sys [113616 2016-02-16] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdftdif.sys [131432 2016-02-16] (BitDefender LLC)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [18096 2012-11-07] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [497952 2012-11-07] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32640 2012-11-07] (COMODO)
S3 dg_ssudbus; C:\WINDOWS\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 DXEC01; C:\WINDOWS\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics) [File not signed]
S3 eapihdrv; C:\Documents and Settings\Owner\Local Settings\Temp\ehdrv.sys [135760 2017-10-10] (ESET)
S3 EnumProcessesDriver; C:\WINDOWS\System32\drivers\EnumProcessesDriver.sys [17800 2011-07-14] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-10-04] ()
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [62208 2007-11-28] (O2Micro)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [175008 2016-04-28] (BitDefender LLC)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2017-10-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40384 2017-10-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-10-16] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NielGfx; C:\WINDOWS\System32\drivers\nielgfx.sys [9088 2009-12-29] (The Nielsen Company)
R0 nielprt; C:\WINDOWS\System32\DRIVERS\nielprt.sys [24192 2009-12-29] (The Nielsen Company)
R0 PBADRV; C:\WINDOWS\System32\DRIVERS\PBADRV.sys [26608 2007-09-07] (Dell Inc)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-12-05] (SigmaTel, Inc.)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]
R2 WavxDMgr; C:\WINDOWS\System32\DRIVERS\WavxDMgr.sys [161280 2007-09-10] (Wave Systems Corp.) [File not signed]
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S0 Inspect; System32\DRIVERS\inspect.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S3 WaveFDE; system32\DRIVERS\WaveFDE.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-16 13:52 - 2017-10-16 13:53 - 000022293 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2017-10-16 13:51 - 2017-10-16 13:52 - 000000000 ____D C:\FRST
2017-10-16 13:47 - 2017-10-16 13:48 - 001798144 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2017-10-16 13:42 - 2017-10-16 13:42 - 000000316 _____ C:\WINDOWS\Tasks\HP WEP.job
2017-10-16 13:01 - 2017-10-16 13:06 - 000000000 ____D C:\Documents and Settings\Administrator\Desktop\SpeedFan
2017-10-16 13:01 - 2017-10-16 13:01 - 000000598 _____ C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
2017-10-16 13:01 - 2017-10-16 13:01 - 000000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\SpeedFan
2017-10-16 12:58 - 2017-10-16 12:58 - 003086696 _____ C:\Documents and Settings\Administrator\Desktop\instspeedfan452 (1).exe
2017-10-16 12:56 - 2017-10-16 12:56 - 000002501 _____ C:\Documents and Settings\Administrator\Desktop\System Idle Process.txt
2017-10-16 12:47 - 2017-10-16 12:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\Desktop\procexp.exe
2017-10-12 22:23 - 2017-10-12 22:23 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2017-10-12 22:15 - 2017-10-12 22:15 - 000000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2017-10-12 17:12 - 2017-10-12 17:13 - 000041008 _____ C:\Documents and Settings\Owner\My Documents\cc_20171012_171251.reg
2017-10-12 11:37 - 2017-10-12 11:37 - 000000000 ____D C:\Program Files\DSP-worx
2017-10-12 11:32 - 2008-02-15 22:23 - 000027648 _____ (IDT, Inc.) C:\Documents and Settings\Owner\Desktop\suhlp.exe
2017-10-12 11:31 - 2008-02-15 22:25 - 000102400 _____ (IDT, Inc.) C:\Documents and Settings\Owner\Desktop\stacsv.exe
2017-10-12 11:29 - 2006-12-18 20:37 - 000181467 _____ C:\Documents and Settings\Owner\Desktop\DolbyTabActivate.exe
2017-10-12 10:05 - 2017-10-12 10:05 - 000000000 ____D C:\RegBackup
2017-10-11 16:47 - 2017-10-11 16:47 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2017-10-11 16:47 - 2017-10-11 16:47 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2017-10-11 14:09 - 2017-10-11 14:10 - 000003156 _____ C:\DelFix.txt
2017-10-11 14:05 - 2017-10-11 14:07 - 000000000 ____D C:\EEK
2017-10-11 10:32 - 2017-10-11 12:22 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-10-11 10:08 - 2017-10-16 12:50 - 000629954 _____ C:\WINDOWS\ntbtlog.txt
2017-10-10 10:58 - 2017-10-10 10:58 - 000000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2017-10-10 08:18 - 2017-10-11 14:17 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-10-10 08:17 - 2017-10-16 13:35 - 000040384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-10 08:17 - 2017-10-16 13:34 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-10 08:16 - 2017-10-10 08:16 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-10-10 08:16 - 2017-10-10 08:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-10-10 08:16 - 2017-10-04 13:15 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-10-09 22:46 - 2017-10-09 22:46 - 000000000 ____D C:\Documents and Settings\Owner\Application Data\Lavasoft
2017-10-09 22:12 - 2017-10-09 22:12 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\BitDefender
2017-10-09 21:52 - 2017-10-09 21:52 - 000000000 ____D C:\Documents and Settings\Owner\Application Data\LavasoftStatistics
2017-10-09 21:51 - 2016-02-16 16:52 - 000842368 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2017-10-09 21:51 - 2016-02-16 16:52 - 000179560 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2017-10-09 21:51 - 2016-02-16 16:52 - 000161544 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2017-10-09 21:51 - 2016-02-16 16:52 - 000136824 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2017-10-09 21:51 - 2016-02-16 16:52 - 000135288 _____ C:\WINDOWS\system32\bdfwcore.dll
2017-10-09 21:51 - 2016-02-16 16:52 - 000110568 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2017-10-09 21:51 - 2016-02-16 16:52 - 000086896 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2017-10-09 21:47 - 2017-10-16 13:36 - 000002051 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2017-10-09 21:46 - 2017-10-09 21:46 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
2017-10-09 21:42 - 2017-10-09 21:42 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2017-10-09 21:37 - 2017-10-09 21:37 - 000000000 ____D C:\Program Files\Lavasoft
2017-10-09 21:33 - 2017-10-09 21:33 - 000000000 ____D C:\Program Files\Common Files\Lavasoft
2017-10-09 21:33 - 2017-10-09 21:33 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2017-10-09 10:47 - 2017-10-11 16:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-09 09:54 - 2017-10-09 20:40 - 000000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SlimWare Utilities Inc
2017-10-09 09:54 - 2017-10-09 09:54 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
2017-09-27 12:09 - 2017-09-27 12:09 - 000000670 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to tdsskiller.lnk
2017-09-19 00:59 - 2017-09-19 00:59 - 000000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2017-09-19 00:57 - 2017-09-19 00:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\adaware

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-16 13:53 - 2017-08-08 23:05 - 000000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2017-10-16 13:35 - 2014-06-05 23:27 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-10-16 13:34 - 2004-08-11 17:11 - 000000000 ____D C:\WINDOWS\Registration
2017-10-16 13:34 - 2004-08-11 17:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-16 13:33 - 2010-11-30 13:53 - 000000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
2017-10-16 13:32 - 2014-03-22 21:43 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-10-16 13:32 - 2004-08-11 17:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-16 13:07 - 2004-08-11 17:20 - 000000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-10-16 13:04 - 2012-11-28 22:47 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-10-16 13:01 - 2012-12-26 00:23 - 000000045 ____C C:\WINDOWS\system32\initdebug.nfo
2017-10-16 12:40 - 2010-11-30 13:53 - 000000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2017-10-16 12:40 - 2004-08-11 17:20 - 000032510 _____ C:\WINDOWS\SchedLgU.Txt
2017-10-12 22:24 - 2008-05-20 12:15 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2017-10-12 22:15 - 2008-05-20 12:15 - 000000000 ____D C:\Program Files\Google
2017-10-12 22:15 - 2004-08-11 17:20 - 000000000 ____D C:\Documents and Settings\Administrator
2017-10-12 12:53 - 2012-12-07 14:31 - 000000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
2017-10-12 12:52 - 2012-12-07 14:31 - 000000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dell
2017-10-12 12:51 - 2016-07-29 02:50 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2017-10-12 12:51 - 2008-05-20 11:49 - 000000000 ____D C:\Program Files\Dell
2017-10-12 11:55 - 2008-06-26 13:32 - 000000000 ____D C:\MDT
2017-10-12 11:43 - 2010-12-07 01:22 - 000000210 ____C C:\WINDOWS\hpbafd.ini
2017-10-12 11:32 - 2004-08-11 17:02 - 000000000 ____D C:\WINDOWS\inf
2017-10-12 11:08 - 2004-08-11 17:02 - 000000000 _RSHD C:\WINDOWS\system32\dllcache
2017-10-12 11:07 - 2016-02-27 21:37 - 000000000 ____D C:\WINDOWS\LastGood
2017-10-12 10:17 - 2004-08-11 17:07 - 000708096 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-12 10:05 - 2004-08-11 17:02 - 000000000 ____D C:\WINDOWS\repair
2017-10-11 16:41 - 2017-02-21 18:19 - 000000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-11 16:41 - 2017-02-21 18:19 - 000000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-10-11 12:25 - 2014-05-03 21:34 - 000000000 ___HD C:\a
2017-10-11 10:12 - 2008-05-20 12:25 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2017-10-10 16:06 - 2010-11-30 13:53 - 000000000 ____D C:\Documents and Settings\Owner
2017-10-09 16:27 - 2011-05-15 00:05 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-10-09 11:22 - 2015-05-28 17:22 - 000000000 ____D C:\Program Files\ESET
2017-10-09 10:50 - 2004-08-11 17:20 - 000000000 ___SD C:\Documents and Settings\NetworkService
2017-10-09 10:50 - 2004-08-11 17:20 - 000000000 ___SD C:\Documents and Settings\LocalService
2017-10-09 10:49 - 2017-02-21 18:19 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-09 09:04 - 2012-12-06 01:51 - 000000000 ____D C:\Program Files\SpywareBlaster
2017-09-19 00:59 - 2004-08-11 17:02 - 000000000 ____D C:\WINDOWS\system32\mui
2017-09-17 14:41 - 2012-12-06 01:51 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2017-09-17 14:40 - 2015-07-27 21:30 - 000040924 __RSH C:\Documents and Settings\All Users\ntuser.pol
2017-09-17 14:40 - 2004-08-11 17:06 - 000000000 ____D C:\Documents and Settings\All Users

==================== Files in the root of some directories =======

2011-04-14 13:55 - 2011-04-14 13:55 - 000009627 ____C () C:\Documents and Settings\Owner\Application Data\Carbonviewdata_04142011_125545.zip
2011-04-15 13:43 - 2011-04-15 13:43 - 000009552 ____C () C:\Documents and Settings\Owner\Application Data\Carbonviewdata_04152011_124425.zip
2011-04-19 16:26 - 2011-04-19 16:26 - 000009035 ____C () C:\Documents and Settings\Owner\Application Data\Carbonviewdata_04192011_152634.zip
2011-04-19 17:33 - 2011-04-19 17:33 - 000009516 ____C () C:\Documents and Settings\Owner\Application Data\Carbonviewdata_04192011_163418.zip
2011-04-23 14:43 - 2011-04-23 14:43 - 000009101 ____C () C:\Documents and Settings\Owner\Application Data\Carbonviewdata_04232011_134429.zip
2011-01-26 15:20 - 2011-12-05 20:22 - 000000770 ____C () C:\Documents and Settings\Owner\Application Data\Rim.Desktop.Exception.log
2011-01-26 15:18 - 2012-05-29 22:43 - 000004037 ____C () C:\Documents and Settings\Owner\Application Data\Rim.Desktop.HttpServerSetup.log
2011-07-30 14:57 - 2011-12-05 20:22 - 000000385 ____C () C:\Documents and Settings\Owner\Application Data\Rim.DesktopHelper.Exception.log
2016-05-03 18:39 - 2016-05-03 18:39 - 000322989 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2016-05-03 18:39 - 2016-05-03 18:39 - 000205092 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2010-12-15 20:45 - 2012-07-12 17:18 - 000019456 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-03 13:52 - 2016-05-03 13:52 - 000000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2010-11-30 13:53 - 2010-11-30 13:54 - 000000000 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\WavXMapDrive.bat

Files to move or delete:
====================
C:\Documents and Settings\Owner\BTImages.dat


Some files in TEMP:
====================
2015-02-10 12:56 - 2015-02-10 12:56 - 000105984 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\sfextra.dll
2017-09-19 00:57 - 2017-09-19 00:57 - 003327000 _____ () C:\Documents and Settings\Owner\Local Settings\Temp\2b6b5898-3736-4665-8a28-addfecb56ccf.exe
2017-09-14 16:14 - 2017-09-14 16:14 - 000740416 _____ (Oracle Corporation) C:\Documents and Settings\Owner\Local Settings\Temp\jre-8u144-windows-au.exe
2017-09-27 11:49 - 2014-08-25 23:07 - 004181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Owner\Local Settings\Temp\{89E27F04-BA9C-473E-9519-0E2D2F51EBD2}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


  • 0

#5
BAMBAM3 (Topic Starter, Member, 39 posts)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2017
Ran by Owner (16-10-2017 13:54:04)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-05-27 19:09:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2353950098-3329062116-105310447-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2353950098-3329062116-105310447-1010 - Limited - Enabled)
Guest (S-1-5-21-2353950098-3329062116-105310447-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2353950098-3329062116-105310447-1007 - Limited - Disabled)
Owner (S-1-5-21-2353950098-3329062116-105310447-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-2353950098-3329062116-105310447-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: ESET Smart Security 8.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{D36B4583-E804-406B-9D56-F97931286C5B}) (Version: 8.1.2 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{3F5DFA1C-DAD9-49F7-B40D-DE40559C439F}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareInstaller (HKLM\...\{5EE5C200-BA6E-487C-AEB3-00D6030BE9BA}) (Version: 11.12.945.9202 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{3F5DFA1C-DAD9-49F7-B40D-DE40559C439F}) (Version: 11.12.945.9202 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5920 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AntimalwareEngine (HKLM\...\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}) (Version: 3.0.129.0 - Lavasoft) Hidden
AntispamEngine (HKLM\...\{0DC5FA19-8E63-4777-AEB7-FEFDA6C3C057}) (Version: 2.4.4263.0 - Lavasoft) Hidden
AuthenTec Fingerprint Sensor Minimum Install (HKLM\...\{EB4DF30B-102B-4F0C-927A-D50E037A325D}) (Version: 7.8.1.0 - AuthenTec, Inc.) Hidden
AvcEngine (HKLM\...\{28349A67-1D99-45A6-A1C1-C5B6D1DF937A}) (Version: 3.11.12293.0 - Lavasoft) Hidden
biolsp patch (HKLM\...\{9593C6E5-205E-45C3-B785-05CF146CA76A}) (Version: 01.00.02.0005 - Wave Systems Corp) Hidden
Broadcom ASF Management Applications (HKLM\...\{27E25625-DB51-42E6-BEB7-0C8DC878770C}) (Version: 10.13.02 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.01 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Capture Screenshot lite version 15 (HKLM\...\{BE2B6229-7D74-414B-8636-7B8F60C4525C}_is1) (Version: 15 - GutmannSoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects)
DC-Bass Source Mod 1.5.2.1 (HKLM\...\DC-Bass Source Mod) (Version:  - )
Dell Drivers MSI (HKLM\...\{5EC5F187-9D2B-4051-8906-88656819A869}) (Version: 01.00.00.0010 - Wave Systems Corp) Hidden
Dell Embassy Trust Suite by Wave Systems (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.01.00.026 - Wave Systems Corp)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.1.101.6 - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DisplayLink Core Software (HKLM\...\{D21BDA13-5E4C-401D-8353-2543251B40E2}) (Version: 7.4.51572.0 - DisplayLink Corp.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
FirewallEngine (HKLM\...\{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}) (Version: 1.6.1.0 - Lavasoft) Hidden
Gemalto (HKLM\...\{EF05BA0F-AC15-4D12-AC5C-276225F5E751}) (Version: 01.00.00.0010 - Wave Systems Corp) Hidden
GemSafe Standard Edition 5.1 (HKLM\...\{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}) (Version: 5.10.000.007 - GEMPLUS) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HPCarePackCore (HKLM\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
HPCarePackProducts (HKLM\...\{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}) (Version: 1.0.0.1 - HP) Hidden
hppMSRedist (HKLM\...\{58ECE031-9AAD-4011-B34A-BC78E77527E2}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppusgP1000 (HKLM\...\{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}) (Version: 1.1.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
IntelliSonic Speech Enhancement (HKLM\...\{D9FCA292-1186-421F-8D93-9A5D272AD5D0}) (Version: 2.1.37 - Knowles Acoustics)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
K-Lite Codec Pack 5.9.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 5.9.0 - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MFCLOC (HKLM\...\{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}) (Version: 1.00.0000 - Dell Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MightyText (HKLM\...\{87B9BBD8-C449-4885-AD4F-97957734F734}_is1) (Version: 1.0 - MightyText)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 52.4.1 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.4.1 ESR (x86 en-US)) (Version: 52.4.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.4.1 - Mozilla)
MrvlUsgTracking (HKLM\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (HKLM\...\{32343DB6-9A52-40C9-87E4-5E7C79791C87}) (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
NTRU TCG Software Stack (HKLM\...\{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}) (Version: 2.1.25 - NTRU Cryptosystems) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OnlineThreatsEngine (HKLM\...\{26F31E12-3722-45FD-903B-49012286BB4C}) (Version: 3.0.1.23 - Lavasoft) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Samsung Kies3 (HKLM\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
tsp patch (HKLM\...\{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}) (Version: 01.00.00.0000 - Wave Systems Corp) Hidden
Ultra Defragmenter (HKLM\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
upekmsi (HKLM\...\{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}) (Version: 02.00.03.0000 - Wave Systems Corp) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Wave Infrastructure Installer (HKLM\...\{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}) (Version: 05.00.01.0050 - Wave Systems Corp) Hidden
Wave Support Software (HKLM\...\{07D618CD-B016-438A-ADC9-A75BD23F85CE}) (Version: 05.07.00.026 - Wave Systems Corp) Hidden
Wave Support Software (HKLM\...\InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}) (Version: 05.07.00.026 - Wave Systems Corp) Hidden
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} =>  -> No File
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll [2016-07-18] ()
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll [2016-07-18] ()
ContextMenuHandlers3: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-05-18] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HP WEP.job => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exeOwner$Task for execution of hpbdfawep.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2001-11-17 14:25 - 2001-11-17 14:25 - 000094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2016-07-18 20:22 - 2016-07-18 20:22 - 000664040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
2016-07-18 20:25 - 2016-07-18 20:25 - 000026880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000055560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000122632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 008996600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 002454224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000670976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000099072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000035584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 20:24 - 2016-07-18 20:24 - 000772336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll
2016-07-18 20:24 - 2016-07-18 20:24 - 000490752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000668912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000090856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000109280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll
2016-07-18 20:24 - 2016-07-18 20:24 - 000829184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000721168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000862960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000210672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll
2016-07-18 20:24 - 2016-07-18 20:24 - 001295104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll
2016-07-18 20:24 - 2016-07-18 20:24 - 000179968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000903416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 001074408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000035584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000806648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000948992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 002242808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll
2016-07-18 20:24 - 2016-07-18 20:24 - 001205480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll
2016-07-18 20:24 - 2016-07-18 20:24 - 001157360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 002655480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 002807544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 001044728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000055048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 001513728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000829672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000373480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 002424576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 001044200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000831208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll
2016-07-18 20:24 - 2016-07-18 20:24 - 001270000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000915728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000424176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll
2017-10-09 21:51 - 2016-02-16 16:52 - 000135288 _____ () C:\WINDOWS\system32\bdfwcore.dll
2017-10-11 10:30 - 2017-10-11 10:30 - 000859344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc1\ashttpbr.mdl
2017-10-11 10:30 - 2017-10-11 10:30 - 000466568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc1\ashttpdsp.mdl
2017-10-11 10:30 - 2017-10-11 10:30 - 002660936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc1\ashttpph.mdl
2017-10-11 10:30 - 2017-10-11 10:30 - 001303008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc1\ashttprbl.mdl
2017-10-10 08:16 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 008063200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2016-07-18 20:25 - 2016-07-18 20:25 - 000403712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 001888488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
2016-07-18 20:25 - 2016-07-18 20:25 - 000869624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
2017-08-30 20:24 - 2016-07-13 15:23 - 001959600 _____ () C:\Program Files\MightyText\MightyText.exe
2017-08-30 20:24 - 2014-03-07 11:56 - 000117262 _____ () C:\Program Files\MightyText\libgcc_s_dw2-1.dll
2017-08-30 20:24 - 2014-03-07 11:56 - 000970766 _____ () C:\Program Files\MightyText\libstdc++-6.dll
2017-08-30 20:24 - 2014-01-15 01:36 - 003347428 _____ () C:\Program Files\MightyText\icuin52.dll
2017-08-30 20:24 - 2014-01-15 01:36 - 001992280 _____ () C:\Program Files\MightyText\icuuc52.dll
2017-08-30 20:24 - 2014-01-15 01:36 - 023544786 _____ () C:\Program Files\MightyText\icudt52.dll
2017-08-30 20:24 - 2014-09-11 07:00 - 001276928 _____ () C:\Program Files\MightyText\platforms\qwindows.dll
2017-08-30 20:24 - 2014-09-11 07:14 - 000051200 _____ () C:\Program Files\MightyText\imageformats\qdds.dll
2017-08-30 20:24 - 2014-09-11 06:58 - 000031232 _____ () C:\Program Files\MightyText\imageformats\qgif.dll
2017-08-30 20:24 - 2014-09-11 07:14 - 000042496 _____ () C:\Program Files\MightyText\imageformats\qicns.dll
2017-08-30 20:24 - 2014-09-11 06:58 - 000033280 _____ () C:\Program Files\MightyText\imageformats\qico.dll
2017-08-30 20:24 - 2014-09-11 07:15 - 000509440 _____ () C:\Program Files\MightyText\imageformats\qjp2.dll
2017-08-30 20:24 - 2014-09-11 06:59 - 000242176 _____ () C:\Program Files\MightyText\imageformats\qjpeg.dll
2017-08-30 20:24 - 2014-09-11 07:15 - 000363008 _____ () C:\Program Files\MightyText\imageformats\qmng.dll
2017-08-30 20:24 - 2014-09-11 07:02 - 000027136 _____ () C:\Program Files\MightyText\imageformats\qsvg.dll
2017-08-30 20:24 - 2014-09-11 07:15 - 000027136 _____ () C:\Program Files\MightyText\imageformats\qtga.dll
2017-08-30 20:24 - 2014-09-11 07:15 - 000423936 _____ () C:\Program Files\MightyText\imageformats\qtiff.dll
2017-08-30 20:24 - 2014-09-11 07:15 - 000026112 _____ () C:\Program Files\MightyText\imageformats\qwbmp.dll
2017-08-30 20:24 - 2014-09-11 07:16 - 000341504 _____ () C:\Program Files\MightyText\imageformats\qwebp.dll
2017-08-30 20:24 - 2014-09-11 06:58 - 000053760 _____ () C:\Program Files\MightyText\bearer\qgenericbearer.dll
2017-08-30 20:24 - 2014-09-11 06:59 - 000058368 _____ () C:\Program Files\MightyText\bearer\qnativewifibearer.dll
2004-08-11 17:00 - 2013-01-02 01:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
2017-09-13 17:35 - 2017-09-13 17:35 - 020107264 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2353950098-3329062116-105310447-1009\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 17:00 - 2012-12-06 01:29 - 000000098 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk =>
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk =>
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^StartUp^ZooskMessenger.lnk =>
MSCONFIG\startupreg: ATT_McciTrayApp =>
MSCONFIG\startupreg: HPUsageTracking => C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
MSCONFIG\startupreg: KADxMain => C:\WINDOWS\system32\KADxMain.exe
MSCONFIG\startupreg: KiesPDLR =>
MSCONFIG\startupreg: KiesPreload =>
MSCONFIG\startupreg: KiesTrayAgent =>
MSCONFIG\startupreg: Malwarebytes' Anti-Malware =>
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SecureUpgrade =>
MSCONFIG\startupreg: SpywareTerminatorUpdate =>
MSCONFIG\startupreg: WavXMgr =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe] => Enabled:CyberLink PowerDVD DX
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe] => Enabled:CyberLink PowerDVD DX Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe] => Enabled:CyberLink PowerDVD DX
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe] => Enabled:CyberLink PowerDVD DX Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

11-10-2017 14:10:12 System Checkpoint
11-10-2017 14:10:12 System Checkpoint
11-10-2017 14:10:12 System Checkpoint
11-10-2017 14:10:12 System Checkpoint
11-10-2017 14:10:13 System Checkpoint
11-10-2017 14:10:13 Software Distribution Service 3.0
11-10-2017 14:10:13 System Checkpoint
11-10-2017 14:10:13 System Checkpoint
11-10-2017 14:10:13 System Checkpoint
11-10-2017 14:10:14 System Checkpoint
11-10-2017 14:10:14 System Checkpoint
11-10-2017 14:10:14 Software Distribution Service 3.0
11-10-2017 14:10:14 Removed ESET Smart Security
11-10-2017 14:10:14 Removed Java 7 Update 25
11-10-2017 14:10:14 System Checkpoint
11-10-2017 14:10:15 Installed Windows Defender
11-10-2017 14:10:15 Windows Defender Checkpoint
11-10-2017 14:10:15 Installed Samsung Kies3
11-10-2017 14:10:16 Removed Windows Defender
11-10-2017 14:10:16 Installed Windows Defender
11-10-2017 14:10:16 Installed Windows XP KB942288-v3.
11-10-2017 14:10:16 AA11
11-10-2017 14:10:17 Restore Operation
11-10-2017 14:10:17 SlimDrivers Installing Drivers
11-10-2017 14:10:17 Restore Operation
11-10-2017 14:10:18 AA11
11-10-2017 14:10:18 Removed Windows Defender
11-10-2017 14:10:18 AA11
11-10-2017 16:56:16 Removed MrvlUsgTracking

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Audio Codecs
Description: Audio Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: Media Control Devices
Description: Media Control Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: Video Codecs
Description: Video Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: sysaudio
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: Wave System Power Monitor
Description: Wave System Power Monitor
Class Guid: {C85B7C61-6A01-11D2-B841-00C04FAD5173}
Manufacturer: (Standard system devices)
Service: WaveFDE
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2017 01:34:44 PM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/12/2017 11:31:45 AM) (Source: STacSV) (EventID: 32767) (User: DC37XBG1)
Description: Event-ID 32767

Error: (10/12/2017 11:16:03 AM) (Source: STacSV) (EventID: 32767) (User: DC37XBG1)
Description: Event-ID 32767

Error: (10/12/2017 11:06:56 AM) (Source: STacSV) (EventID: 32767) (User: DC37XBG1)
Description: Event-ID 32767

Error: (10/11/2017 05:00:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application MightyText.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/11/2017 09:38:10 AM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/10/2017 05:35:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mightytext.exe, version 0.0.0.0, faulting module qt5core.dll, version 5.3.2.0, fault address 0x001fe8fa.
Processing media-specific event for [mightytext.exe!ws!]

Error: (10/09/2017 10:40:09 PM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/09/2017 08:45:09 PM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/09/2017 04:30:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: DC37XBG1)
Description: Product: Windows Defender -- Error 1706. An installation package for the product Windows Defender cannot be found. Try the installation again using a valid copy of the installation package 'WindowsDefender(1).msi'.


System errors:
=============
Error: (10/16/2017 01:34:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NTRU TSS v1.2.1.25 TCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/16/2017 01:34:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NTRU TSS v1.2.1.25 TCS service hung on starting.

Error: (10/16/2017 01:32:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The system cannot find the file specified.

Error: (10/16/2017 01:32:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/16/2017 01:32:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/16/2017 01:32:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TdmService service failed to start due to the following error:
The system cannot find the path specified.

Error: (10/16/2017 01:32:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spyware Terminator 2012 Realtime Shield Service service failed to start due to the following error:
The system cannot find the path specified.

Error: (10/16/2017 01:32:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
The system cannot find the file specified.

Error: (10/16/2017 01:32:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

Error: (10/16/2017 01:32:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COMODO Internet Security Helper Service service failed to start due to the following error:
The system cannot find the path specified.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 50%
Total physical RAM: 3573.9 MB
Available physical RAM: 1786.28 MB
Total Virtual: 5455.3 MB
Available Virtual: 3833.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.44 GB) (Free:31.86 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Do you have a second Process Explorer log made in regular mode?


  • 0

#7
BAMBAM3

BAMBAM3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Process in regular mode below.

 

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
svchost.exe    46.92    170,452 K    182,828 K    1812    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
System Idle Process    34.62    0 K    28 K    0            
ApMsgFwd.exe    4.62    496 K    2,020 K    2360    ApMsgFwd    Alps Electric Co., Ltd.    (Verified) Alps Electric Co.
System    3.08    0 K    252 K    4            
services.exe    3.08    3,000 K    4,344 K    1360    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
MightyText.exe    3.08    168,392 K    141,660 K    2728            (Verified) Openphone Inc.
Interrupts    1.54    0 K    0 K    n/a    Hardware Interrupts and DPCs        
firefox.exe    1.54    312,048 K    314,288 K    3260    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.77    2,524 K    4,384 K    3264    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
procexp.exe    0.77    25,240 K    32,160 K    3496    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
wuauclt.exe        13,104 K    161,396 K    1664    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
wmiprvse.exe        2,044 K    5,324 K    3616    WMI    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
winlogon.exe        7,996 K    2,096 K    1316    Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        3,100 K    5,220 K    1548    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,936 K    4,696 K    1616    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,840 K    4,184 K    2040    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,124 K    3,020 K    336    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        10,652 K    12,124 K    2036    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,612 K    3,540 K    432    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
spoolsv.exe        4,876 K    5,980 K    700    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
smss.exe        172 K    432 K    1192    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
scardsvr.exe        912 K    2,700 K    748    Smart Card Resource Management Server    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
rundll32.exe        2,508 K    5,336 K    1952    Run a DLL as an App    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
msdtc.exe        1,912 K    5,116 K    2124    MS DTC console program    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
mbamtray.exe        21,888 K    27,480 K    1516    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
MBAMService.exe        162,396 K    170,288 K    1216    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
lsass.exe        4,340 K    1,728 K    1372    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
jusched.exe        4,288 K    8,988 K    2088    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
jqs.exe        2,436 K    1,860 K    496    Java Quick Starter Service    Oracle Corporation    (Verified) Oracle America
hidfind.exe        1,616 K    2,468 K    2408    Alps Pointing-device Driver    Alps Electric Co., Ltd.    (Verified) Microsoft Windows Hardware Compatibility Publisher
explorer.exe        18,036 K    25,632 K    680    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
dllhost.exe        1,548 K    5,020 K    1116    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
dllhost.exe        3,016 K    8,352 K    3732    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
ctfmon.exe        972 K    3,812 K    2280    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
csrss.exe        2,020 K    14,912 K    1288    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
CCleaner.exe        13,816 K    14,596 K    2288    CCleaner    Piriform Ltd    (Verified) Piriform Ltd
AsfIpMon.exe        2,084 K    3,124 K    1932    Broadcom ASF IP and SMBIOS Mailbox Monitor    Broadcom Corporation    (Verified) Broadcom Corporation
Apoint.exe        2,468 K    6,576 K    1980    Alps Pointing-device Driver    Alps Electric Co., Ltd.    (Verified) Microsoft Windows Hardware Compatibility Publisher
ApntEx.exe        912 K    2,920 K    2548    Alps Pointing-device Driver for Windows NT/2000/XP/Vista    Alps Electric Co., Ltd.    (Verified) Microsoft Windows Hardware Compatibility Publisher
alg.exe        1,196 K    3,660 K    2476    Application Layer Gateway Service    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
AdAwareTray.exe        12,292 K    18,168 K    1660    Ad-Aware tray    Lavasoft    (Verified) Lavasoft Limited
AdAwareService.exe        331,108 K    274,760 K    636    Ad-Aware service    Lavasoft    (Verified) Lavasoft Limited

 


  • 0

#8
RKinner
    Malware Expert
  • Expert
  • 20,029 posts
  • MVP
svchost.exe    46.92    170,452 K    182,828 K    1812    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher

 

is the problem.  Hard to see from this what it does.  Windows uses these to run collections of services.

 

Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt


Open an Elevated Command Prompt:

XP: Start, All Programs, Accessories, then Command Prompt
Win 7: Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.
 


  • 0

#9
BAMBAM3
    Member
  • Topic Starter
  • Member
  • 39 posts
Image Name                   PID Services                                     
========================= ====== =============================================
System Idle Process            0 N/A                                          
System                         4 N/A                                          
smss.exe                    1188 N/A                                          
csrss.exe                   1284 N/A                                          
winlogon.exe                1312 N/A                                          
services.exe                1356 Eventlog, PlugPlay                           
lsass.exe                   1368 PolicyAgent, ProtectedStorage, SamSs         
svchost.exe                 1548 DcomLaunch, TermService                      
svchost.exe                 1612 RpcSs                                        
svchost.exe                 1840 AudioSrv, CryptSvc, Dhcp, dmserver,          
                                 EventSystem, FastUserSwitchingCompatibility,
                                 lanmanworkstation, Netman, Nla, RasMan,      
                                 Schedule, seclogon, SENS, SharedAccess,      
                                 ShellHWDetection, srservice, TapiSrv,        
                                 Themes, TrkWks, w32time, winmgmt, wscsvc,    
                                 wuauserv, WZCSVC                             
svchost.exe                 1984 Dnscache                                     
svchost.exe                  336 LmHosts                                      
spoolsv.exe                  700 Spooler                                      
scardsvr.exe                 744 SCardSvr                                     
AsfIpMon.exe                 112 ASFIPmon                                     
svchost.exe                 1416 BITS                                         
svchost.exe                 1708 HTTPFilter                                   
jqs.exe                     1724 JavaQuickStarterService                      
AdAwareService.exe          1768 LavasoftAdAwareService11                     
dllhost.exe                  412 Wave UCSPlus                                 
MBAMService.exe              452 MBAMService                                  
wuauclt.exe                  488 N/A                                          
explorer.exe                 556 N/A                                          
Apoint.exe                  3404 N/A                                          
jusched.exe                 3416 N/A                                          
AdAwareTray.exe             3464 N/A                                          
ApMsgFwd.exe                3472 N/A                                          
ctfmon.exe                  3572 N/A                                          
CCleaner.exe                3580 N/A                                          
hidfind.exe                 3676 N/A                                          
ApntEx.exe                  3688 N/A                                          
MightyText.exe              4028 N/A                                          
dllhost.exe                 1024 COMSysApp                                    
msdtc.exe                   2432 MSDTC                                        
alg.exe                      636 ALG                                          
mbamtray.exe                2536 N/A                                          
firefox.exe                 3552 N/A                                          
cmd.exe                     1832 N/A                                          
wordpad.exe                 3960 N/A                                          
tasklist.exe                3736 N/A                                          
wmiprvse.exe                1120 N/A                                          
 


  • 0

#10
RKinner
    Malware Expert
  • Expert
  • 20,029 posts
  • MVP
Looks like you must have rebooted between the process explorer log and the tasklist.  I need both done during the same boot in order to see what is going on.  I have to use the PID from Process Explorer to see which svchost is causing the trouble.  When you reboot the PIDs change.


  • 0

#11
BAMBAM3
    Member
  • Topic Starter
  • Member
  • 39 posts
Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
svchost.exe    50.00    169,604 K    181,344 K    1840    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
System Idle Process    48.44    0 K    28 K    0            
procexp.exe    0.78    18,596 K    25,136 K    196    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
ApMsgFwd.exe    0.78    496 K    2,028 K    3472    ApMsgFwd    Alps Electric Co., Ltd.    (Verified) Alps Electric Co.
Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
wuauclt.exe        13,612 K    160,672 K    488    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
wmiprvse.exe        1,888 K    5,044 K    3360    WMI    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
winlogon.exe        7,984 K    2,024 K    1312    Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
System        0 K    252 K    4            
svchost.exe        3,136 K    5,264 K    1548    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,872 K    4,620 K    1612    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,980 K    4,340 K    1984    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,124 K    3,020 K    336    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        5,432 K    7,296 K    1416    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,612 K    3,536 K    1708    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
spoolsv.exe        4,916 K    6,004 K    700    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
smss.exe        172 K    432 K    1188    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
services.exe        3,000 K    5,004 K    1356    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
scardsvr.exe        912 K    2,700 K    744    Smart Card Resource Management Server    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
msdtc.exe        1,912 K    5,116 K    2432    MS DTC console program    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
MightyText.exe        157,384 K    130,572 K    4028            (Verified) Openphone Inc.
mbamtray.exe        20,184 K    24,272 K    2536    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
MBAMService.exe        145,520 K    153,340 K    452    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
lsass.exe        4,216 K    1,160 K    1368    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
jusched.exe        964 K    3,508 K    3416    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
jqs.exe        2,424 K    4,196 K    1724    Java Quick Starter Service    Oracle Corporation    (Verified) Oracle America
hidfind.exe        1,616 K    2,452 K    3676    Alps Pointing-device Driver    Alps Electric Co., Ltd.    (Verified) Microsoft Windows Hardware Compatibility Publisher
firefox.exe        335,008 K    330,980 K    2608    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe        18,004 K    25,012 K    556    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
dllhost.exe        1,548 K    5,028 K    412    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
dllhost.exe        3,020 K    8,328 K    1024    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
ctfmon.exe        968 K    3,792 K    3572    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
csrss.exe        2,024 K    15,080 K    1284    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
CCleaner.exe        13,900 K    14,784 K    3580    CCleaner    Piriform Ltd    (Verified) Piriform Ltd
AsfIpMon.exe        2,044 K    3,128 K    112    Broadcom ASF IP and SMBIOS Mailbox Monitor    Broadcom Corporation    (Verified) Broadcom Corporation
Apoint.exe        2,468 K    6,552 K    3404    Alps Pointing-device Driver    Alps Electric Co., Ltd.    (Verified) Microsoft Windows Hardware Compatibility Publisher
ApntEx.exe        912 K    2,920 K    3688    Alps Pointing-device Driver for Windows NT/2000/XP/Vista    Alps Electric Co., Ltd.    (Verified) Microsoft Windows Hardware Compatibility Publisher
alg.exe        1,096 K    3,260 K    636    Application Layer Gateway Service    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
AdAwareTray.exe        12,300 K    18,220 K    3464    Ad-Aware tray    Lavasoft    (Verified) Lavasoft Limited
AdAwareService.exe        333,108 K    237,608 K    1768    Ad-Aware service    Lavasoft    (Verified) Lavasoft Limited

 


  • 0

#12
BAMBAM3
    Member
  • Topic Starter
  • Member
  • 39 posts
Image Name                   PID Services                                     
========================= ====== =============================================
System Idle Process            0 N/A                                          
System                         4 N/A                                          
smss.exe                    1188 N/A                                          
csrss.exe                   1284 N/A                                          
winlogon.exe                1312 N/A                                          
services.exe                1356 Eventlog, PlugPlay                           
lsass.exe                   1368 PolicyAgent, ProtectedStorage, SamSs         
svchost.exe                 1548 DcomLaunch, TermService                      
svchost.exe                 1612 RpcSs                                        
svchost.exe                 1840 AudioSrv, CryptSvc, Dhcp, dmserver,          
                                 EventSystem, FastUserSwitchingCompatibility,
                                 lanmanworkstation, Netman, Nla, RasMan,      
                                 Schedule, seclogon, SENS, SharedAccess,      
                                 ShellHWDetection, srservice, TapiSrv,        
                                 Themes, TrkWks, w32time, winmgmt, wscsvc,    
                                 wuauserv, WZCSVC                             
svchost.exe                 1984 Dnscache                                     
svchost.exe                  336 LmHosts                                      
spoolsv.exe                  700 Spooler                                      
scardsvr.exe                 744 SCardSvr                                     
AsfIpMon.exe                 112 ASFIPmon                                     
svchost.exe                 1416 BITS                                         
svchost.exe                 1708 HTTPFilter                                   
jqs.exe                     1724 JavaQuickStarterService                      
AdAwareService.exe          1768 LavasoftAdAwareService11                     
dllhost.exe                  412 Wave UCSPlus                                 
MBAMService.exe              452 MBAMService                                  
wuauclt.exe                  488 N/A                                          
explorer.exe                 556 N/A                                          
Apoint.exe                  3404 N/A                                          
jusched.exe                 3416 N/A                                          
AdAwareTray.exe             3464 N/A                                          
ApMsgFwd.exe                3472 N/A                                          
ctfmon.exe                  3572 N/A                                          
CCleaner.exe                3580 N/A                                          
hidfind.exe                 3676 N/A                                          
ApntEx.exe                  3688 N/A                                          
MightyText.exe              4028 N/A                                          
dllhost.exe                 1024 COMSysApp                                    
msdtc.exe                   2432 MSDTC                                        
alg.exe                      636 ALG                                          
mbamtray.exe                2536 N/A                                          
firefox.exe                 2608 N/A                                          
procexp.exe                  196 N/A                                          
wmiprvse.exe                3360 N/A                                          
notepad.exe                 3620 N/A                                          
wordpad.exe                  584 N/A                                          
cmd.exe                      292 N/A                                          
tasklist.exe                3736 N/A                                          
wmiprvse.exe                2404 N/A                                          
 


  • 0

#13
RKinner
    Malware Expert
  • Expert
  • 20,029 posts
  • MVP
svchost.exe                 1840 AudioSrv, CryptSvc, Dhcp, dmserver,          
                                 EventSystem, FastUserSwitchingCompatibility,
                                 lanmanworkstation, Netman, Nla, RasMan,      
                                 Schedule, seclogon, SENS, SharedAccess,      
                                 ShellHWDetection, srservice, TapiSrv,        
                                 Themes, TrkWks, w32time, winmgmt, wscsvc,    
                                 wuauserv, WZCSVC         

 

It would be this one.  It has the most services running on it.  Usually though it's wuauserv, which is Windows Update.  This one is not important in XP because there are no more updates, so it's best to turn it off.  Right click on My Computer and select Manage, then select Services and Applications, then Services.  Scroll down to Automatic Updates (I think that's what it is called in XP).  Right click and select Properties, then Stop the service.  Change the Startup Type: to Disabled.  Apply.

 

Now look at Process Explorer again.  Did the svchost.exe CPU usage drop to a smaller value?  If not, then it wasn't the culprit, but leave it off.  Try stopping the Windows Management Instrumentation service if Windows Update wasn't the problem.


  • 0
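Added example, not part of this thread and not a Sysinternals or Microsoft tool: a Python script that performs the PID join described in posts #8, #10 and #13 mechanically. It parses a Process Explorer "Save As" export and TASKLIST /SVC output, ranks processes by CPU, and lists the services hosted by the busiest PIDs. A PID that is missing from the TASKLIST capture, or that maps to a different image name, is reported as coming from a different boot, which is exactly the mismatch in post #10 (svchost.exe was PID 1812 in the first capture and 1840 in the next). The embedded inputs are constructed, shortened copies of the listings posted above; the tab separators in the Process Explorer rows are an assumption, since the forum rendered them as runs of spaces.

```python
import re
from typing import Dict, List, Optional, Tuple

# Process Explorer "Save As" output: tab-separated header plus one row per
# process (tabs assumed; the forum rendered them as spaces).  CPU is blank for
# idle rows and "< 0.01" for negligible ones; PID is "n/a" for Interrupts.
PROCEXP = (
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer\n"
    "svchost.exe\t50.00\t169,604 K\t181,344 K\t1840\tGeneric Host Process for Win32 Services\tMicrosoft Corporation\t(Verified) Microsoft Windows Component Publisher\n"
    "System Idle Process\t48.44\t0 K\t28 K\t0\t\t\t\n"
    "procexp.exe\t0.78\t18,596 K\t25,136 K\t196\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\t(Verified) Microsoft Corporation\n"
    "Interrupts\t< 0.01\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t\n"
    "svchost.exe\t\t3,136 K\t5,264 K\t1548\tGeneric Host Process for Win32 Services\tMicrosoft Corporation\t(Verified) Microsoft Windows Component Publisher\n"
)

# Earlier boot of the same machine (the svchost line quoted in post #8):
# PID 1812 does not exist in the TASKLIST capture below.
PROCEXP_EARLIER_BOOT = (
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer\n"
    "svchost.exe\t46.92\t170,452 K\t182,828 K\t1812\tGeneric Host Process for Win32 Services\tMicrosoft Corporation\t(Verified) Microsoft Windows Component Publisher\n"
)

# TASKLIST /SVC: fixed-width image name, PID and service list; a long list
# wraps onto continuation lines that start with whitespace.
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                 1548 DcomLaunch, TermService
svchost.exe                 1840 AudioSrv, CryptSvc, Dhcp, dmserver,
                                 EventSystem, FastUserSwitchingCompatibility,
                                 wuauserv, WZCSVC
procexp.exe                  196 N/A
"""

# image name (may contain spaces), PID, then the service list or N/A
_ROW = re.compile(r"^(?P<name>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")


def _split_services(field: str) -> List[str]:
    """'A, B,' -> ['A', 'B']; 'N/A' -> []."""
    return [s.strip() for s in field.split(",") if s.strip() and s.strip() != "N/A"]


def parse_tasklist_svc(text: str) -> Dict[int, Tuple[str, List[str]]]:
    """PID -> (image name, services hosted in that process)."""
    table: Dict[int, Tuple[str, List[str]]] = {}
    current: Optional[int] = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        if line[0].isspace():                  # wrapped remainder of the previous row
            if current is not None:
                table[current][1].extend(_split_services(line))
            continue
        m = _ROW.match(line.rstrip())
        if not m:
            continue
        current = int(m["pid"])
        table[current] = (m["name"], _split_services(m["svcs"]))
    return table


def parse_procexp(text: str) -> List[dict]:
    """Rows of a Process Explorer export with numeric 'cpu' and 'pid'."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    rows = []
    for line in lines[1:]:
        f = dict(zip(header, line.split("\t")))
        if not f.get("PID", "").isdigit():     # skip Interrupts / DPCs ("n/a")
            continue
        cpu = f.get("CPU", "").strip()
        rows.append({"name": f["Process"], "pid": int(f["PID"]),
                     "cpu": 0.0 if cpu == "" or cpu.startswith("<") else float(cpu)})
    return rows


def top_cpu_services(procexp_text: str, tasklist_text: str, n: int = 3) -> List[dict]:
    """The n busiest real processes joined to the services TASKLIST reported for
    the same PID.  'services' is [] for a plain program and None when the PID is
    absent or names a different image (captures from different boots)."""
    by_pid = parse_tasklist_svc(tasklist_text)
    rows = [r for r in parse_procexp(procexp_text) if r["name"] != "System Idle Process"]
    rows.sort(key=lambda r: r["cpu"], reverse=True)
    out = []
    for r in rows[:n]:
        hit = by_pid.get(r["pid"])
        same_image = hit is not None and hit[0].lower() == r["name"].lower()
        out.append({**r, "services": hit[1] if same_image else None})
    return out


if __name__ == "__main__":
    for capture in (PROCEXP, PROCEXP_EARLIER_BOOT):
        for r in top_cpu_services(capture, TASKLIST, n=2):
            svc = r["services"]
            note = ("PID missing from TASKLIST: captures are from different boots"
                    if svc is None else (", ".join(svc) or "no services"))
            print(f'{r["name"]:<20} PID {r["pid"]:>5} CPU {r["cpu"]:>6.2f}  {note}')
```

To use it on a real machine, save both captures in the same session (File, Save As in Process Explorer for the tab-separated file, and TASKLIST /SVC > \junk.txt for the other) and read those two files in place of the embedded strings. The join is only worth doing for a process whose Verified Signer column reads (Verified) Microsoft Windows Component Publisher, as it does for the svchost.exe here: that confirms the image is the genuine Windows binary, so the load comes from one of the hosted services rather than from the executable itself, which is why the next step in post #13 is to stop the likely service and watch the CPU column again.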
