Computer infected?


scoobysnack


I got an older laptop from my brother and I think it may be infected with something. The main thing that is weird with it is that Mozilla Firefox will not open; as soon as it tries, it gives a crash error. The laptop also has an external DVD/burner drive that randomly lights up like it's doing something even when there's no media in it. The laptop also takes an extremely long time to boot up, to the point where the HD light finally stops processing, and is very sluggish after that. It will also not accept going back to a previous system checkpoint. So I'm not exactly sure what is going on with it, whether it's been infected by something or not, but I just want to make sure it's not compromised before I go any further doing anything else with it. The FRST and FRST Addition texts are below. Thanks in advance for any help checking this out.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2017
Ran by JOE (administrator)  (20-10-2017 23:04:10)
Running from C:\Documents and Settings\JOE\Desktop
Loaded Profiles: JOE (Available Profiles: JOE & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\WINDOWS\system32\ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\WINDOWS\system32\QCONSVC.EXE
() C:\WINDOWS\system32\TpKmpSvc.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATINOE.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Broadcom Corporation.) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPKMAPHELPER] => C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [897024 2003-08-08] (IBM Corp.)
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [53248 2002-09-04] (IBM Corporation)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe [204800 2002-12-24] (IBM Corp.)
HKLM\...\Run: [UC_SMB] => [X]
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [323976 2010-05-31] (BillP Studios)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [213824 2017-04-24] (AVAST Software)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-512943482-2975781445-990895633-1004\...\Run: [Aim6] => [X]
HKU\S-1-5-21-512943482-2975781445-990895633-1004\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATINOE.EXE [262208 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-512943482-2975781445-990895633-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssflwbox.scr [393216 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-03] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\LavasoftTcpService.dll [326288 2015-03-12] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\system32\LavasoftTcpService.dll [326288 2015-03-12] (Lavasoft Limited)
Winsock: Catalog9 21 C:\WINDOWS\system32\LavasoftTcpService.dll [326288 2015-03-12] (Lavasoft Limited)
Tcpip\..\Interfaces\{2BC8C01C-B69C-49A0-B5B7-F0DC940DE303}: [DhcpNameServer] 4.2.2.1
Tcpip\..\Interfaces\{816A37C5-F853-4B57-AE6F-227475EA9733}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-512943482-2975781445-990895633-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-512943482-2975781445-990895633-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-512943482-2975781445-990895633-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-512943482-2975781445-990895633-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-512943482-2975781445-990895633-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: No Name -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-03] ()
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2003-01-10] (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-04-24] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-28] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-512943482-2975781445-990895633-1004 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default [2017-09-30]
FF DefaultSearchEngine: C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default -> Bing
FF DefaultSearchEngine.US: C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default -> Google encrypted
FF SelectedSearchEngine: C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default -> Bing
FF Homepage: C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Linkury Smartbar) - C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default\Extensions\helperbar@helperbar(2).com [2012-09-14] [not signed]
FF Extension: (No Name) - C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default\Extensions\nostmp [2012-10-09] [not signed]
FF Extension: (FlashGot) - C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-01]
FF Extension: (NoScript) - C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2012-09-14] [not signed]
FF Extension: (Adblock Plus) - C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-09]
FF SearchPlugin: C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default\searchplugins\google-default.xml [2015-04-24]
FF SearchPlugin: C:\Documents and Settings\JOE\Application Data\Mozilla\Firefox\Profiles\md7pmb1b.default\searchplugins\google-encrypted.xml [2015-04-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-30] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\Alwil Software\Avast5\WebRep\FF48 [2017-04-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\Alwil Software\Avast5\SafePrice\FF48 [2017-04-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-22] ()
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-11-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2007-04-16] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-512943482-2975781445-990895633-1004: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-10-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-10-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2007-04-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [159744 2003-04-30] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [261712 2017-04-24] (AVAST Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 CLKMSVC10_B91CB6D3; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [595968 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-06-25] (Macrovision Europe Ltd.) [File not signed]
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-11-28] (Oracle Corporation)
S4 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [208896 2006-06-22] (Nero AG) [File not signed]
R2 QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [49152 2003-03-27] () [File not signed]
S4 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2003-07-11] () [File not signed]
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2010-01-21] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 NWDLS; C:\WINDOWS\system32\NWDLS.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2008-02-08] (Meetinghouse Data Communications) [File not signed]
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-04-24] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [31064 2017-04-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [107928 2017-04-28] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60760 2017-04-24] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-04-24] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [764064 2017-04-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [472760 2017-04-28] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184208 2017-04-24] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [279800 2017-04-24] (AVAST Software)
S3 AWINDIS5; C:\WINDOWS\system32\AWINDIS5.SYS [16194 2006-02-25] (AMBIT Microsystems Corporation.) [File not signed]
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [556200 2009-11-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2010-01-14] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [911400 2010-03-30] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [118440 2009-11-18] (Broadcom Corporation.)
R3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [59688 2009-11-18] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47656 2009-11-18] (Broadcom Corporation.)
S3 cpuz129; C:\Program Files\PC Wizard 2008\pcwiz32.sys [9600 2008-01-25] (Windows ® Codename Longhorn DDK provider) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [83104 2002-12-20] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40368 2002-12-24] (Sonic Solutions) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] () [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-08-24] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
S3 gv3; C:\WINDOWS\System32\DRIVERS\gv3.sys [30976 2002-11-18] (Microsoft Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R1 IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2295 2003-03-27] () [File not signed]
S3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-04] (LT)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [150816 2017-09-30] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40352 2017-10-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221632 2017-10-20] (Malwarebytes)
S3 NETGEAR_WG511_SERVICE; C:\WINDOWS\System32\DRIVERS\wg511nd5.sys [488992 2006-03-23] (Atheros Communications, Inc.)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation) [File not signed]
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 S3SSavage; C:\WINDOWS\System32\DRIVERS\s3ssavm.sys [95104 2001-11-01] (S3 Graphics, Inc.)
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [14848 2002-12-26] (Microsoft Corporation) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5589 2002-12-24] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [22995 2002-12-24] (Sonic Solutions) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [8830 2002-12-26] () [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [23895 2003-01-10] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34775 2003-01-10] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4087 2003-01-10] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2171 2003-01-10] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [55254 2003-01-10] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14103 2003-01-10] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6295 2003-01-10] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [91318 2003-01-10] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [95447 2003-01-10] (Sonic Solutions) [File not signed]
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [16162 2003-06-23] (IBM Corporation) [File not signed]
R1 TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [15360 2003-01-17] (IBM Corp.) [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2002-12-26] () [File not signed]
S3 TwoTrack; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [11520 2001-08-17] (IBM Corporation)
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\3B.tmp [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-20 23:04 - 2017-10-20 23:05 - 000022588 _____ C:\Documents and Settings\JOE\Desktop\FRST.txt
2017-10-20 23:03 - 2017-10-20 23:04 - 000000000 ____D C:\FRST
2017-10-20 23:03 - 2017-10-20 22:19 - 001799168 _____ (Farbar) C:\Documents and Settings\JOE\Desktop\FRST.exe
2017-09-30 01:20 - 2017-09-30 01:20 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-30 01:19 - 2017-10-20 22:42 - 000040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-30 01:18 - 2017-10-20 22:40 - 000221632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-30 01:17 - 2017-09-30 01:17 - 000001726 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-09-30 01:17 - 2017-09-30 01:17 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-09-30 01:17 - 2017-08-24 11:27 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-09-30 01:16 - 2017-09-30 01:16 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-30 01:15 - 2017-09-30 01:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-20 23:05 - 2008-01-14 18:57 - 000000000 ____D C:\Documents and Settings\JOE\Local Settings\Temp
2017-10-20 23:01 - 2017-01-30 21:01 - 000000917 _____ C:\WINDOWS\Tasks\EPSON XP-620 Series Update {FE4C1667-2BF4-4C35-A077-15FD7A0F2C0C}.job
2017-10-20 22:41 - 2017-04-24 23:17 - 000000360 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-10-20 22:39 - 2017-02-01 05:23 - 000000004 _____ C:\WINDOWS\Twain001.Mtx
2017-10-20 22:37 - 2017-02-01 05:23 - 000000156 _____ C:\WINDOWS\Twunk001.MTX
2017-10-20 22:37 - 1980-01-01 04:00 - 000002278 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-20 22:36 - 2002-09-26 21:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-20 22:31 - 2002-09-26 21:24 - 000032572 _____ C:\WINDOWS\SchedLgU.Txt
2017-10-20 22:30 - 2008-01-14 18:57 - 000000178 ___SH C:\Documents and Settings\JOE\ntuser.ini
2017-10-20 22:30 - 2008-01-14 18:57 - 000000000 ____D C:\Documents and Settings\JOE
2017-09-30 23:33 - 2008-06-07 17:05 - 000000000 ____D C:\Documents and Settings\JOE\Application Data\MSN6
2017-09-30 23:12 - 2012-10-09 22:56 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-30 23:09 - 2016-11-18 03:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-30 05:45 - 2010-01-30 06:47 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2017-09-30 01:16 - 2014-12-11 23:10 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-09-30 01:16 - 2010-01-30 01:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-09-29 23:49 - 2017-08-12 23:07 - 000000000 ____D C:\Documents and Settings\JOE\My Documents\New Folder (2)

==================== Files in the root of some directories =======

2015-04-19 23:59 - 2017-06-24 17:14 - 000001071 _____ () C:\Documents and Settings\JOE\Application Data\burnaware.ini
2008-06-07 17:36 - 2017-08-13 17:39 - 000104448 _____ () C:\Documents and Settings\JOE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-07 04:39 - 2012-07-07 12:03 - 004503728 ____T () C:\Documents and Settings\All Users\Application Data\go_0molg.pad

Some files in TEMP:
====================
2015-04-20 00:01 - 2015-04-20 00:01 - 003327000 _____ () C:\Documents and Settings\JOE\Local Settings\Temp\3496ccf0-4f56-460a-92a8-a02f18d78866.exe
2015-04-19 23:57 - 2015-04-19 23:57 - 003327000 _____ () C:\Documents and Settings\JOE\Local Settings\Temp\68898edd-91f1-47a4-9a89-86d66410850a.exe
2015-04-20 00:03 - 2015-04-20 00:03 - 000008704 _____ (Microsoft Corporation) C:\Documents and Settings\JOE\Local Settings\Temp\SpOrder.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2017
Ran by JOE (20-10-2017 23:06:21)
Running from C:\Documents and Settings\JOE\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-01-14 22:57:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-512943482-2975781445-990895633-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-512943482-2975781445-990895633-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-512943482-2975781445-990895633-1003 - Limited - Disabled)
JOE (S-1-5-21-512943482-2975781445-990895633-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JOE
SUPPORT_388945a0 (S-1-5-21-512943482-2975781445-990895633-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Out of date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus (Enabled - Out of date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.0.2 - )
Access IBM (HKLM\...\{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}) (Version: 4.0 - IBM Corporation) Hidden
Access IBM Message Center (HKLM\...\{710C0BB2-FE39-484E-BB23-C9B96835A14A}) (Version: 1.054 - IBM) Hidden
Access IBM Tools (HKLM\...\Access IBM Tools) (Version: 4.0 - IBM Corporation)
Ad-Aware Web Companion (HKLM\...\{902C3D36-9254-437D-98AC-913B78E60864}) (Version: 1.1.922.1860 - Lavasoft) Hidden
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM\...\Adobe_5ac697db6c6103f6f8b5198d25f73f7) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AHV content for Acrobat and Flash (HKLM\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
AIM 6 (HKLM\...\AIM_6) (Version:  - )
alm (HKLM\...\{CF44C7A5-5705-41E4-BE84-A9A42977AB05}) (Version: 1.00.0000 - IBM) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version:  - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version:  - )
ATI HydraVision (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
BurnAware Free 7.7 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version:  - )
CyberLink BD_3D Advisor 2.0 (HKLM\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.5913 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
EaseUS Partition Master 10.2 (HKLM\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Easy Photo Scan (HKLM\...\{2D76CB3C-AC17-4143-891E-F4C3BCDC78B6}) (Version: 1.00.0001 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{86B4A6B9-07FD-48EC-8730-1EC82E80C3D7}) (Version: 3.10.0030 - Seiko Epson Corporation)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.31.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-620 Series Printer Uninstall (HKLM\...\EPSON XP-620 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
FLV Player 2.0, build 24 (HKLM\...\FLV Player) (Version: 2.0, build 24 - Martijn de Visser)
IBM Access Connections (HKLM\...\{22B71A00-4DED-11D4-A5E5-0004AC564F43}) (Version: 2.62 - ) Hidden
IBM Access Support - Local Content Pack (HKLM\...\{1E34AB5C-B893-4EE9-82F3-F195978D009D}) (Version:  - ) Hidden
IBM Access Support (HKLM\...\IBM Access Support) (Version:  - ) Hidden
IBM DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 3.59.1 - IBM Corporation)
IBM Rapid Restore PC Setup (HKLM\...\{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}) (Version: 1.00.1100 - IBM Corporation) Hidden
IBM RecordNow (HKLM\...\{8214CC02-6271-4DC8-B8DD-779933450264}) (Version: 4.61 - IBM Corporation)
IBM RecordNow Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.71 - VERITAS Software)
IBM Themes (HKLM\...\{6CE96A14-61E2-48CC-837E-22710A953ADE}) (Version: 1.00.0000 - IBM)
IBM ThinkPad Battery MaxiMiser and Power Management Features (HKLM\...\Power Features) (Version:  - ) Hidden
IBM ThinkPad Configuration (HKLM\...\ThinkPad Configuration) (Version:  - ) Hidden
IBM ThinkPad EasyEject Utility  (HKLM\...\EasyEject Utility) (Version:  - ) Hidden
IBM ThinkPad Keyboard Customizer Utility (HKLM\...\{2111B23F-7FDA-4A41-8309-E5A1663CA296}) (Version: 1.2.62.0 - ) Hidden
IBM ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.25.01 - )
IBM ThinkPad Presentation Director (HKLM\...\Presentation Director) (Version:  - ) Hidden
IBM ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.17.5 - )
IBM ThinkPad UltraNav Wizard (HKLM\...\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}) (Version: 2.00.02 - ) Hidden
IBM TrackPoint Accessibility Features (HKLM\...\{EA664480-3844-11D5-8C25-444553540000}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD (HKLM\...\{98E8A2EF-4EAE-43B8-A172-74842B764777}) (Version:  - InterVideo Inc.)
Java 7 Update 10 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.100 - Oracle)
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
LavasoftTcpService (HKLM\...\{90CF05DE-735F-42AB-A52A-F447FDFBE207}) (Version: 2.3.3.0 - Lavasoft) Hidden
LeechFTP  (HKLM\...\LeechFTP) (Version:  - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 52.4.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.4.0 ESR (x86 en-US)) (Version: 52.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.4.0.6473 - Mozilla)
Nero 7 Essentials (HKLM\...\{3C814DE3-7174-4148-A3E2-43FFC4F21033}) (Version: 7.01.7763 - Nero AG)
NETGEAR 108 Mbps Wireless PC Card WG511T (HKLM\...\{C9D20484-D3CC-4CD2-B1ED-B72A9CEFD45D}) (Version:  - )
PC Wizard 2008.1.87 (HKLM\...\PC Wizard 2008_is1) (Version:  - Laurent KUTIL & Franck DELATTRE)
PC-Doctor for Windows (HKLM\...\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}) (Version:  - )
PDF Settings (HKLM\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Sansa Media Converter (HKLM\...\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}) (Version:  - ArcSoft)
Sansa Updater (HKU\S-1-5-21-512943482-2975781445-990895633-1004\...\Sansa Updater) (Version: 1.301 - SanDisk Corporation)
Software Updater (HKLM\...\{E07D7C7B-F424-4EEF-BA17-B2C32BD1C107}) (Version: 4.3.0 - SEIKO EPSON CORPORATION)
Sophos Anti-Rootkit 1.5.0 (HKLM\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 4.2 (HKLM\...\SpywareBlaster_is1) (Version: 4.2.0 - Javacool Software LLC)
SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
Support.com Software (HKLM\...\Support.com) (Version:  - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 1.10 - )
ThinkPad Software Installer (HKLM\...\ThinkPadSoftwareInstaller) (Version: 2.00.0375 - ) Hidden
TPNala Wallpaper (HKLM\...\{F1F721BF-040C-4096-988A-1DB01EB73B0C}) (Version: 2.0 - IBM) Hidden
Trader's Little Helper 2.1.0 (HKLM\...\TradersLittleHelper_is1) (Version: 2.1.0 - Robert Hoffmann)
VideoLAN VLC media player 0.8.6f (HKLM\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.20 - Western Digital)
Web Companion (HKLM\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{F48BE301-EC78-4686-B580-EE4934558798}) (Version: 5.6.0.4400 -  )
Winamp (HKLM\...\Winamp) (Version: 5.51  - Nullsoft, Inc)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\WinPatrol) (Version: 18.1.2010.0 - BillP Studios)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip (HKLM\...\WinZip) (Version:  9.0 SR-1 (6224) - WinZip Computing, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-04-24] (AVAST Software)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2007-05-10] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-04-24] (AVAST Software)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-12-17] (WinZip Computing, Inc.)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2003-01-10] (Sonic Solutions)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-04-24] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-12-17] (WinZip Computing, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2007-05-10] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-04-24] (AVAST Software)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-12-17] (WinZip Computing, Inc.)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\BMMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-620 Series Update {FE4C1667-2BF4-4C35-A077-15FD7A0F2C0C}.job => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TTSNOE.EXE:/EXE:{FE4C1667-2BF4-4C35-A077-15FD7A0F2C0C} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus 2003\Norton AntiVirus 2003.lnk -> C:\IBMTOOLS\APPS\NORTONAV\SETUP.BAT ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.0\Cool Edit Pro 2.0 Loop Library.lnk -> hxxp://ex.syntrillium.com/redir.html?v=2.0&r=0&p=202&resID=84
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.0\Cool Edit Pro 2.0 Online Resources.lnk -> hxxp://ex.syntrillium.com/redir.html?v=2.0&r=0&p=202&resID=84
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.0\Download Cool Edit Pro 2.0 Manual.lnk -> hxxp://ex.syntrillium.com/redir.html?v=2.0&r=0&p=202&resID=44

==================== Loaded Modules (Whitelisted) ==============

1980-01-01 04:00 - 2003-07-03 01:25 - 000057344 _____ () C:\WINDOWS\system32\ibmpmsvc.exe
2017-04-24 23:15 - 2017-04-24 23:15 - 000170216 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2017-04-24 23:15 - 2017-04-24 23:15 - 000176480 _____ () C:\Program Files\Alwil Software\Avast5\event_routing_rpc.dll
2017-10-06 18:55 - 2017-10-06 18:55 - 005881016 _____ () C:\Program Files\Alwil Software\Avast5\defs\17100604\algo.dll
2017-04-24 23:15 - 2017-04-24 23:15 - 000653520 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2017-04-24 23:15 - 2017-04-24 23:15 - 000230632 _____ () C:\Program Files\Alwil Software\Avast5\streamback.dll
1980-01-01 04:00 - 2003-04-30 01:55 - 000159744 _____ () C:\WINDOWS\System32\Ati2evxx.exe
2008-01-14 18:30 - 2003-03-27 06:06 - 000049152 _____ () C:\WINDOWS\System32\QCONSVC.EXE
2008-01-14 18:30 - 2003-07-11 22:19 - 000032768 _____ () C:\WINDOWS\system32\TpKmpSVC.exe
2010-08-26 00:56 - 2010-03-15 11:28 - 000141824 _____ () C:\Program Files\WinRAR\rarext.dll
2003-08-03 00:20 - 2003-08-03 00:20 - 000126976 ____R () C:\Program Files\SpywareGuard\spywareguard.dll
2010-06-26 12:54 - 2010-03-29 16:02 - 000520234 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2010-03-30 23:33 - 2010-03-30 23:33 - 002860384 _____ () C:\WINDOWS\system32\btwicons.dll
2010-03-30 23:33 - 2010-03-30 23:33 - 000075112 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2016-10-26 01:27 - 2016-10-26 01:27 - 048936448 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4802 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

1980-01-01 04:00 - 2015-10-03 12:16 - 000000211 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-512943482-2975781445-990895633-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\JOE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: Media is not connected to internet.
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Support.com\Bin\tgcmd.exe] => Disabled:Support.com Scheduler and Command Dispatcher
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\LeechFTP\Leechftp.exe] => Enabled:LeechFTP
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe] => Enabled:Nero Home
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgemc.exe] => Enabled:avgemc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgupd.exe] => Enabled:avgupd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgnsx.exe] => Enabled:avgnsx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\Event Manager\EEventManager.exe] => Enabled:EEventManager.exe
StandardProfile\AuthorizedApplications: [F:\Common\EpsonNet Setup\ENEasyApp.exe] => Enabled:EpsonNet Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

18-09-2017 01:42:47 System Checkpoint
18-09-2017 03:00:25 Software Distribution Service 3.0
20-09-2017 01:13:13 System Checkpoint
21-09-2017 01:59:31 System Checkpoint
23-09-2017 08:43:23 System Checkpoint
24-09-2017 23:57:44 System Checkpoint
28-09-2017 00:58:28 System Checkpoint
29-09-2017 21:57:45 System Checkpoint
30-09-2017 23:40:35 Restore Operation
01-10-2017 00:00:24 Restore Operation
12-10-2017 01:41:10 System Checkpoint
15-10-2017 08:52:54 System Checkpoint
18-10-2017 00:11:34 System Checkpoint
20-10-2017 22:29:11 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2017 01:20:25 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/30/2017 01:20:23 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/17/2017 02:29:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.3.0.6423, faulting module mozglue.dll, version 52.3.0.6423, fault address 0x0000f7ca.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (08/13/2017 05:37:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application vlc.exe, version 0.8.6.0, faulting module libffmpeg_plugin.dll, version 0.0.0.0, fault address 0x00211115.
Processing media-specific event for [vlc.exe!ws!]

Error: (08/05/2017 04:16:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.2.1.6387, faulting module mozglue.dll, version 52.2.1.6387, fault address 0x0000f3ba.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (07/09/2017 03:55:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.2.1.6387, faulting module mozglue.dll, version 52.2.1.6387, fault address 0x0000f3ba.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/09/2017 01:35:27 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (512) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (05/09/2017 01:35:27 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (512) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/09/2017 01:35:17 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (512) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (05/09/2017 01:35:17 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (512) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (10/20/2017 10:37:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/20/2017 10:37:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Netgear Wireless Domain Login Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/20/2017 10:24:57 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/18/2017 12:07:28 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/15/2017 10:52:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/15/2017 10:51:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Netgear Wireless Domain Login Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/15/2017 08:15:42 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/15/2017 08:13:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/15/2017 08:12:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Netgear Wireless Domain Login Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/12/2017 12:26:02 AM) (Source: DCOM) (EventID: 10010) (User: KINGLERXST)
Description: The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1500MHz
Percentage of memory in use: 38%
Total physical RAM: 2046.92 MB
Available physical RAM: 1256.66 MB
Total Virtual: 2665.1 MB
Available Virtual: 1966.94 MB

==================== Drives ================================

Drive c: (IBM_PRELOAD) (Fixed) (Total:37.26 GB) (Free:0.41 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 37.3 GB) (Disk ID: CCCDCCCD)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

 

