
I cannot complete Installation of a Program - Error 1632



#136
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

That looks pretty good. 

 

You might try unchecking MsMpEng.exe  or Windows Defender (may be under Tasks) in Autoruns.  Then reboot and see if it causes any problems.  Normally when you install Avast it turns off Windows Defender.

 

As for UAService7.exe this is only necessary if you play a Sony game:

 

https://www.neuber.c...rvice7.exe.html

 

If you no longer use the game then you can uncheck it in Autoruns too or if you use it the recommendation above is to go into services.msc and change its Startup Type to Manual.  I don't see any games in the install list so unchecking is probably the way to go. 

 

Let's try clearing the restricted zones again:

 

Copy the text between the lines of stars:

 

**************

; DelDomains.inf
; Created by: Mike Burgess  Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.

[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

; Recreate the keys to avoid a restart

[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

************************************************

 

Open Notepad and Edit Paste and the copied lines should appear.  File Save As to your desktop "fix.inf" Save.  Make sure you include the "'s in the name or it will save it with .txt added on.  Close notepad and then right click on fix.inf and Install.

 

Let's see a final FRST scan.


  • 0
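An added example, not part of the original post or of Mike Burgess's file: before right-clicking an INF pasted from a forum and choosing Install, this Python check lists which registry keys its [DefaultInstall] section deletes and recreates, and flags anything outside ZoneMap. The function names and the allowed-prefix rule are assumptions of this sketch; the sample text is the DelDomains.inf from the post above with its header comments trimmed.

```python
import csv

# Constructed sample: the DelDomains.inf text from the post, header comments trimmed.
SAMPLE_INF = r'''
; DelDomains.inf
[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

; Recreate the keys to avoid a restart
[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
'''

# Assumption of this example: the only subtree the fix is expected to touch.
ALLOWED_PREFIX = r"software\microsoft\windows\currentversion\internet settings\zonemap" + "\\"


def strip_comment(line):
    """Drop a ';' comment, ignoring semicolons inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ';' and not in_quotes:
            return line[:i]
    return line


def parse_inf(text):
    """Return {section name (lower-cased): [non-empty, comment-free lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].strip().lower()   # INF section names are case-insensitive
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_actions(sections, install_section="DefaultInstall"):
    """Expand DelReg=/AddReg= directives into (directive, root, subkey, value_name) tuples."""
    actions = []
    for line in sections.get(install_section.lower(), []):
        directive, _, targets = line.partition('=')
        directive = directive.strip().lower()
        if directive not in ('delreg', 'addreg'):
            continue
        for name in targets.split(','):            # a directive may name several sections
            for entry in sections.get(name.strip().lower(), []):
                fields = [f.strip() for f in next(csv.reader([entry], skipinitialspace=True))]
                if len(fields) < 2:
                    continue
                value = fields[2] if len(fields) > 2 and fields[2] else None
                actions.append((directive, fields[0].upper(), fields[1].rstrip('\\'), value))
    return actions


def audit(text, allowed_prefix=ALLOWED_PREFIX):
    """Summarise what installing the INF would do to the registry."""
    actions = registry_actions(parse_inf(text))
    deleted = [a for a in actions if a[0] == 'delreg']
    added_keys = {(a[1], a[2].lower()) for a in actions if a[0] == 'addreg'}
    return {
        'deleted': deleted,
        'added': [a for a in actions if a[0] == 'addreg'],
        # Anything not under ...\Internet Settings\ZoneMap\ is unexpected for this fix.
        'outside': [a for a in actions
                    if not (a[2].lower() + '\\').startswith(allowed_prefix)],
        # Whole-key deletes (no value name) that the INF never recreates.
        'not_recreated': [a for a in deleted
                          if a[3] is None and (a[1], a[2].lower()) not in added_keys],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_INF)
    for label in ('deleted', 'added', 'outside', 'not_recreated'):
        print(label, len(report[label]))
        for _, root, subkey, value in report[label]:
            print("   ", root, subkey, value or "(whole key)")
```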



#137
PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

Windows Defender and UAService7 unchecked, machine rebooted apparently without any problems.

 

Text copied and "fix.inf" installed.

 

FRST run, but I have not seen it run so slowly before, it seems to stop and linger on some object, often beginning with asw, and finally stopped on Scanning (0) Shortcuts. Task Manager reported that FRST was not responding. So I rebooted and tried again, with similar results and hanging on the shortcuts scan.

 

So, I don't have a FRST log for you; however I ran VEW and the Application run has a lot of comment.

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/04/2018 12:35:20

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/04/2018 12:36:14

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/04/2018 12:13:28
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:13:28
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:13:06
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:13:06
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:12:43
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:12:43
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:12:20
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:12:20
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:11:57
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:11:57
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:11:35
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:11:35
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:11:12
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:11:12
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:10:49
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:10:49
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:10:26
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:10:26
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:10:03
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 12:10:03
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/04/2018 12:30:37
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 15/04/2018 12:13:40
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 15/04/2018 12:04:24
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 15/04/2018 11:51:26
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 15/04/2018 11:32:33
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/04/2018 21:37:45
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/04/2018 18:10:48
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/04/2018 17:54:51
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

I have to go out to a birthday lunch now, but will pick up again this evening.

 

Philip


  • 0

#138
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Go into services.msc and verify that Automatic Updates is disabled.  It appears it may have turned on again.


  • 0

#139
PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

OK, yes it had restarted. So I disabled it and ran FRST, which behaved in the manner described previously and hung at Shortcuts. So I checked Automatic Updates and it was still disabled. ...again in the absence of a FRST report here is a VEW report:

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/04/2018 20:59:00

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/04/2018 20:29:02
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.0.106 for the Network Card with network address 0013028835CC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/04/2018 21:00:14

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/04/2018 19:40:33
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:40:32
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:40:10
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:40:09
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:39:46
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:39:46
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:39:23
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:39:22
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:38:59
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:38:59
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:38:36
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:38:36
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:38:13
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:38:12
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:37:47
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:37:47
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:37:24
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:37:24
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:37:00
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

Log: 'Application' Date/Time: 15/04/2018 19:37:00
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Access is denied.  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/04/2018 19:40:44
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 15/04/2018 12:30:37
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 15/04/2018 12:13:40
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 15/04/2018 12:04:24
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 15/04/2018 11:51:26
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 15/04/2018 11:32:33
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/04/2018 21:37:45
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/04/2018 18:10:48
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/04/2018 17:54:51
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Back to you,


  • 0

#140
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs.  Please copy and paste both of them.
 


  • 0

#141
PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

OK, here we go:

 

OTL logfile created on: 16/04/2018 16:10:06 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Philip\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1014.37 Mb Total Physical Memory | 198.17 Mb Available Physical Memory | 19.54% Memory free
2.38 Gb Paging File | 1.60 Gb Available in Paging File | 66.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.39 Gb Total Space | 27.34 Gb Free Space | 53.20% Space Free | Partition Type: NTFS
 
Computer Name: ENILLION | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2018/04/16 16:07:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philip\My Documents\Downloads\OTL.exe
PRC - [2018/04/12 19:08:06 | 011,791,064 | ---- | M] (AVAST Software) -- C:\Program Files\avast software\avast\AvastUI.exe
PRC - [2018/04/09 15:58:15 | 002,437,336 | ---- | M] (AVAST Software) -- C:\Program Files\avast software\avast\AvEmUpdate.exe
PRC - [2018/04/09 15:58:12 | 000,313,640 | ---- | M] (AVAST Software) -- C:\Program Files\avast software\avast\AvastSvc.exe
PRC - [2018/04/09 15:57:52 | 005,947,256 | ---- | M] (AVAST Software) -- C:\Program Files\avast software\avast\aswidsagent.exe
PRC - [2018/03/30 15:00:24 | 000,517,072 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/24 21:58:18 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2012/04/24 21:58:08 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2012/04/24 20:55:46 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/04/24 20:35:58 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/04/24 20:32:50 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2018/04/16 16:05:18 | 005,816,976 | ---- | M] () -- C:\Program Files\avast software\avast\defs\18041600\algo.dll
MOD - [2018/04/15 19:31:36 | 005,816,976 | ---- | M] () -- C:\Program Files\avast software\avast\defs\18041500\algo.dll
MOD - [2018/04/09 15:58:35 | 000,888,536 | ---- | M] () -- C:\Program Files\avast software\avast\anen.dll
MOD - [2018/04/09 15:58:26 | 000,295,640 | ---- | M] () -- C:\Program Files\avast software\avast\streamback.dll
MOD - [2018/04/09 15:58:26 | 000,282,840 | ---- | M] () -- C:\Program Files\avast software\avast\tasks_core.dll
MOD - [2018/04/09 15:58:24 | 000,763,608 | ---- | M] () -- C:\Program Files\avast software\avast\ffl2.dll
MOD - [2018/04/09 15:58:13 | 000,969,944 | ---- | M] () -- C:\Program Files\avast software\avast\shepherdsync.dll
MOD - [2018/04/09 15:58:13 | 000,349,912 | ---- | M] () -- C:\Program Files\avast software\avast\streamback_avast.dll
MOD - [2018/04/09 15:58:12 | 000,501,464 | ---- | M] () -- C:\Program Files\avast software\avast\gui_cache.dll
MOD - [2018/04/09 15:57:54 | 000,624,856 | ---- | M] () -- c:\Program Files\avast software\avast\vaarclient.dll
MOD - [2018/04/09 15:57:49 | 000,172,760 | ---- | M] () -- C:\Program Files\avast software\avast\hns_tools.dll
MOD - [2018/03/07 13:45:38 | 048,936,448 | ---- | M] () -- C:\Program Files\avast software\avast\libcef.dll
MOD - [2013/01/02 08:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2018/04/09 15:58:12 | 000,313,640 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\avast software\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2018/04/09 15:57:52 | 005,947,256 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\avast software\avast\aswidsagent.exe -- (aswbIDSAgent)
SRV - [2018/03/30 15:00:18 | 000,174,032 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/11/01 10:07:10 | 004,563,920 | ---- | M] (Malwarebytes) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV - [2012/04/24 21:58:08 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2012/04/24 20:55:46 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/04/24 20:32:50 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2008/12/15 17:17:08 | 000,126,976 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=uk
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6BC07B3F-B55D-4BE8-B670-DBE820058251}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=uk
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=uk
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC CD E8 24 91 9F D3 01  [binary data]
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\..\SearchScopes,DefaultScope = {48399D34-7F69-4E7D-8105-54944A23F520}
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\..\SearchScopes\{48399D34-7F69-4E7D-8105-54944A23F520}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "ES"
FF - prefs.js..browser.search.region: "ES"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.7.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.7.3 ESR\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2018/03/30 14:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.7.3 ESR\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2018/03/30 14:55:50 | 000,000,000 | ---D | M]
 
[2008/10/24 17:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Extensions
[2018/04/14 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\browser-extension-data
[2018/04/14 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\browser-extension-data\jid1-r1tDuNiNb4SEww@jetpack
[2018/04/09 17:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\browser-extension-data\[email protected]
[2018/04/14 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\extensions
[2008/08/30 15:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default\extensions
[2018/04/14 20:51:50 | 000,840,110 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\extensions\[email protected]
[2018/04/09 15:57:56 | 000,485,159 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\extensions\[email protected]
[2018/03/07 13:44:58 | 000,707,252 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\extensions\[email protected]
[2018/03/30 14:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2012/01/18 18:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2007/12/19 14:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2013/01/18 23:56:20 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
 
O1 HOSTS File: ([2018/04/11 20:45:52 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\avast software\avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1342170782031(WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342170319390(MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2018/04/12 20:27:44 | 001,764,352 | ---- | C] (Farbar) -- C:\Documents and Settings\Philip\Desktop\FRST.exe
[2018/04/12 18:36:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2018/04/11 20:51:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2018/04/11 20:47:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2018/04/11 20:36:33 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2018/04/11 20:33:05 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2018/04/11 20:05:26 | 000,000,000 | ---D | C] -- C:\RegBackup
[2018/04/11 16:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2018/04/11 16:08:42 | 000,320,728 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2018/04/11 15:53:09 | 000,000,000 | ---D | C] -- C:\a0a38d90b200f7819d
[2018/04/09 07:47:18 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2018/04/04 12:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\CrystalIdea Software
[2018/04/03 19:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2018/03/30 14:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2006/07/22 05:46:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SETUP1.EXE
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2018/04/16 16:10:18 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\Avast Emergency Update.job
[2018/04/16 15:58:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2018/04/16 15:58:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2018/04/16 15:58:04 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2018/04/15 12:00:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2018/04/15 11:44:12 | 000,001,091 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\fix.inf
[2018/04/15 11:36:48 | 000,000,550 | ---- | M] () -- C:\WINDOWS\tasks\Tweaking.com - Windows Repair Tray Icon.job
[2018/04/13 23:19:01 | 000,031,270 | ---- | M] () -- C:\Documents and Settings\Philip\My Documents\HKEY export.reg
[2018/04/13 23:05:26 | 000,454,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2018/04/13 23:05:25 | 000,076,816 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2018/04/13 23:00:21 | 000,221,112 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2018/04/12 20:27:44 | 001,764,352 | ---- | M] (Farbar) -- C:\Documents and Settings\Philip\Desktop\FRST.exe
[2018/04/12 19:08:07 | 000,124,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2018/04/11 20:51:23 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2018/04/11 20:45:52 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2018/04/11 20:45:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2018/04/11 20:45:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2018/04/11 20:05:11 | 000,000,195 | RHS- | M] () -- C:\boot.ini
[2018/04/11 16:12:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
[2018/04/10 16:17:40 | 000,010,140 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\video.reg
[2018/04/09 15:58:42 | 000,205,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswStmXP.sys
[2018/04/09 15:58:41 | 000,391,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2018/04/09 15:58:41 | 000,310,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2018/04/09 15:58:41 | 000,070,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2018/04/09 15:58:41 | 000,042,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2018/04/09 15:58:40 | 000,167,040 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswArPot.sys
[2018/04/09 15:58:40 | 000,070,576 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2018/04/09 15:58:27 | 000,320,728 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2018/04/09 15:57:57 | 000,783,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2018/04/09 15:57:49 | 000,180,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswHdsKe.sys
[2018/04/07 22:32:23 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2018/04/04 12:52:30 | 001,682,344 | ---- | M] (SpeedyFox) -- C:\Documents and Settings\Philip\Desktop\speedyfox.exe
[2018/04/02 22:38:45 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Philip\Desktop\VEW(1).exe
[2018/03/30 20:34:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_257
[2018/03/30 15:07:52 | 005,659,794 | R--- | M] (Swearware) -- C:\Documents and Settings\Philip\Desktop\ComboFix.exe
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2018/04/15 11:44:12 | 000,001,091 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\fix.inf
[2018/04/13 23:19:01 | 000,031,270 | ---- | C] () -- C:\Documents and Settings\Philip\My Documents\HKEY export.reg
[2018/04/11 20:51:23 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2018/04/11 16:10:22 | 000,000,550 | ---- | C] () -- C:\WINDOWS\tasks\Tweaking.com - Windows Repair Tray Icon.job
[2018/04/10 16:17:40 | 000,010,140 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\video.reg
[2018/04/03 20:50:17 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2018/04/02 22:38:37 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Philip\Desktop\VEW(1).exe
[2018/03/13 11:29:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2018/03/13 11:29:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2018/03/13 11:29:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2018/03/13 11:29:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2018/03/13 11:29:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2018/03/10 21:52:21 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2018/03/10 21:22:09 | 000,396,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2018/03/04 20:26:04 | 000,359,286 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1184402194-1185109317-1466214600-1005-0.dat
[2018/03/04 20:25:59 | 000,359,286 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2017/11/27 16:03:31 | 000,059,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbae.sys
[2012/07/12 21:16:55 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/14 00:36:16 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Philip\.recently-used.xbel
[2010/12/08 17:18:38 | 000,028,790 | ---- | C] () -- C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
[2008/11/25 17:42:28 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
[2008/10/27 20:20:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
[2007/11/29 10:18:06 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2006/11/14 17:52:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/07/25 19:38:42 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/24 21:30:39 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
[2006/06/29 15:21:38 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
 
========== ZeroAccess Check ==========
 
[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2008/04/14 02:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\services.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ctfmon.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\csrss.exe:SummaryInformation

< End of report >

OTL Extras logfile created on: 16/04/2018 16:10:06 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Philip\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1014.37 Mb Total Physical Memory | 198.17 Mb Available Physical Memory | 19.54% Memory free
2.38 Gb Paging File | 1.60 Gb Available in Paging File | 66.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.39 Gb Total Space | 27.34 Gb Free Space | 53.20% Space Free | Partition Type: NTFS
 
Computer Name: ENILLION | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe" = C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe:*:Enabled:True Vector
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox) -- (Mozilla Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.3.1.2183
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{66D475AE-F18B-43A0-8BAF-61AF4403E339}" = Webcam 1200
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7D15B945-2725-4443-AB3F-D900556612FE}" = User Profile Hive Cleanup Service
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-1148-0409-0000-0000000FF1CE}" = Microsoft Office Web Apps Browser Plugin
"{954B463D-FC19-4855-B9FA-92A136AE7BB7}" = Intel® PROSet/Wireless WiFi Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D652ACB5-5443-43FA-B25C-259AFF394D8D}" = PDF-XChange Viewer
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"07A14B7D240AEA7F81B3C2FE99BFE33F46642538" = Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05)
"0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF" = Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11)
"0C327E80B04D91ACEF343253C80A5CAEDF25AF73" = Windows Driver Package - SigmaTel MEDIA  (02/15/2008 6.10.0.5866)
"0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8" = Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005)
"37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B" = Windows Driver Package - Ricoh Company (risdptsk) hdc  (09/02/2008 6.03.02.22)
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
"5904AD65D5DEFFD8294BF5DB998020688E567249" = Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276)
"737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2" = Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004)
"7624569EEDBF62171F717E0F02EAF2547B81FFAF" = Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13)
"7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E" = Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004)
"Avast Antivirus" = Avast Free Antivirus
"B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D" = Windows Driver Package - Dell Inc (omci) system  (05/26/2009 7.7.0.830)
"BC9093B69A2F23E789D7F05A3770E314C8D0F44E" = Windows Driver Package - Conexant (winachsf) Modem  (03/22/2007 7.63.00.50)
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"E2CB89A0476213170E58E955F4C2024F6879C877" = Windows Driver Package - Unibrain (ubohci) UB1394  (10/05/2012 6.0)
"FFD5BD6AF8B693FED8D50E12A23F30056D22A864" = Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005)
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstaCodecs_is1" = InstaCodecs
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 52.7.3 ESR (x86 en-GB)" = Mozilla Firefox 52.7.3 ESR (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oxford Spanish Dictionary" = Oxford Spanish Dictionary
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva (remove only)
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15/04/2018 13:38:59 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:38:59 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:39:22 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:39:23 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:39:46 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:39:46 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:40:09 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:40:10 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:40:32 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
Error - 15/04/2018 13:40:33 | Computer Name = ENILLION | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: Access is denied.  
 
[ OSession Events ]
Error - 17/11/2009 08:24:10 | Computer Name = ENILLION | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 218
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15/04/2018 14:29:02 | Computer Name = ENILLION | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.106 for the Network Card with network
 address 0013028835CC has been  denied by the DHCP server 192.168.0.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >

Let's hope that there is something useful in the reports.

 

Philip
 



#142
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Everything looks OK in OTL. No idea why FRST isn't running. I suppose an upgrade could have killed it. They may not test it for XP any more. Does Process Explorer still show System Idle at 90+%? How long does it take to reboot?

 

You could try another disk check.  FRST is sensitive to bad spots on the disk:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.

You will receive the following message:

"The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?"

Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.



2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)



#143
PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

Once stabilised the System Idle processes were at 97% with about a 1% short term variation.

 

A reboot took 2 min 41 sec.

 

VEW logs after chkdsk:

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/04/2018 00:41:03

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/04/2018 00:43:26

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/04/2018 23:35:04
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

The above seems to keep coming up, and I assume that, as you haven't mentioned it, it isn't important, but it might be good to fix it if you tell me how :-)

 

Philip



#144
PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

After sending the previous I thought to run FRST again and it took an update to version 15.4.2018 and then ripped through the scan with no hesitations. So here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
Ran by Biggles (administrator) on ENILLION (17-04-2018 00:55:40)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip & Biggles (Available Profiles: Philip & Biggles & Administrator 2 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2009-11-03] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-13] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1184402194-1185109317-1466214600-1009\...\Run: [ModemOnHold] => C:\Program Files\NetWaiting\netWaiting.exe
SecurityProviders: digest.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1184402194-1185109317-1466214600-1009\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\S-1-5-21-1184402194-1185109317-1466214600-1009\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
HKU\S-1-5-21-1184402194-1185109317-1466214600-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
Toolbar: HKU\S-1-5-21-1184402194-1185109317-1466214600-1009 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
S4 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [180984 2018-04-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-04-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783600 2018-04-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-04-09] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205352 2018-04-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-04-09] (AVAST Software)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
S4 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2018-04-13] (Malwarebytes)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 00:55 - 2018-04-17 00:55 - 000000000 ____D C:\Documents and Settings\Philip\Desktop\FRST-OlderVersion
2018-04-15 20:35 - 2018-04-17 00:56 - 000000000 ____D C:\Documents and Settings\Biggles\Local Settings\Temp
2018-04-15 20:35 - 2018-04-17 00:55 - 000000000 ____D C:\Documents and Settings\Biggles
2018-04-15 20:35 - 2018-04-16 23:18 - 000000178 ___SH C:\Documents and Settings\Biggles\ntuser.ini
2018-04-15 20:35 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Biggles\Application Data\Intel
2018-04-15 20:35 - 2011-10-28 22:35 - 000000000 ____D C:\Documents and Settings\Biggles\Local Settings\Application Data\Apple Computer
2018-04-15 20:35 - 2011-08-24 16:45 - 000001642 _____ C:\Documents and Settings\Biggles\Start Menu\Programs\Remote Assistance.lnk
2018-04-15 20:35 - 2010-09-16 17:32 - 000000000 ____D C:\Documents and Settings\Biggles\Local Settings\Application Data\Microsoft Help
2018-04-15 20:35 - 2009-06-15 13:43 - 000000000 __SHD C:\Documents and Settings\Biggles\IETldCache
2018-04-15 20:35 - 2009-05-28 10:41 - 000000000 ____D C:\Documents and Settings\Biggles\Application Data\Macromedia
2018-04-15 20:35 - 2007-04-29 18:37 - 000000000 ____D C:\Documents and Settings\Biggles\Application Data\AOL
2018-04-15 20:35 - 2006-06-29 15:34 - 000000000 ____D C:\Documents and Settings\Biggles\Local Settings\Application Data\Google
2018-04-15 20:35 - 2006-06-29 15:34 - 000000000 ____D C:\Documents and Settings\Biggles\Application Data\Google
2018-04-15 20:35 - 2006-06-29 15:31 - 000000000 ____D C:\Documents and Settings\Biggles\Application Data\You've Got Pictures Screensaver
2018-04-15 20:35 - 2006-06-29 15:30 - 000000000 ____D C:\Documents and Settings\Biggles\Application Data\Corel
2018-04-15 20:35 - 2006-06-29 15:25 - 000000000 ____D C:\Documents and Settings\Biggles\Local Settings\Application Data\ApplicationHistory
2018-04-15 20:35 - 2006-06-29 15:16 - 000000000 ____D C:\Documents and Settings\Biggles\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2018-04-15 20:35 - 2006-06-29 15:16 - 000000000 ____D C:\Documents and Settings\Biggles\Application Data\Sun
2018-04-15 20:35 - 2006-06-29 15:07 - 000000000 ____D C:\Documents and Settings\Biggles\Start Menu\Programs\Dell
2018-04-15 20:35 - 2004-08-11 18:20 - 000000671 _____ C:\Documents and Settings\Biggles\Start Menu\Programs\Internet Explorer.lnk
2018-04-15 20:35 - 2004-08-11 18:20 - 000000642 _____ C:\Documents and Settings\Biggles\Start Menu\Programs\Outlook Express.lnk
2018-04-14 21:22 - 2018-04-14 21:36 - 000000178 ___SH C:\Documents and Settings\Administrator 2\ntuser.ini
2018-04-14 21:22 - 2018-04-14 21:22 - 000000000 ____D C:\Documents and Settings\Administrator 2
2018-04-14 21:22 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Administrator 2\Application Data\Intel
2018-04-14 21:22 - 2011-10-28 22:35 - 000000000 ____D C:\Documents and Settings\Administrator 2\Local Settings\Application Data\Apple Computer
2018-04-14 21:22 - 2011-08-24 16:45 - 000001642 _____ C:\Documents and Settings\Administrator 2\Start Menu\Programs\Remote Assistance.lnk
2018-04-14 21:22 - 2010-09-16 17:32 - 000000000 ____D C:\Documents and Settings\Administrator 2\Local Settings\Application Data\Microsoft Help
2018-04-14 21:22 - 2009-06-15 13:43 - 000000000 __SHD C:\Documents and Settings\Administrator 2\IETldCache
2018-04-14 21:22 - 2009-05-28 10:41 - 000000000 ____D C:\Documents and Settings\Administrator 2\Application Data\Macromedia
2018-04-14 21:22 - 2007-08-23 19:48 - 000000000 ____D C:\Documents and Settings\Administrator 2\Local Settings\Temp
2018-04-14 21:22 - 2007-04-29 18:37 - 000000000 ____D C:\Documents and Settings\Administrator 2\Application Data\AOL
2018-04-14 21:22 - 2006-06-29 15:34 - 000000000 ____D C:\Documents and Settings\Administrator 2\Local Settings\Application Data\Google
2018-04-14 21:22 - 2006-06-29 15:34 - 000000000 ____D C:\Documents and Settings\Administrator 2\Application Data\Google
2018-04-14 21:22 - 2006-06-29 15:31 - 000000000 ____D C:\Documents and Settings\Administrator 2\Application Data\You've Got Pictures Screensaver
2018-04-14 21:22 - 2006-06-29 15:30 - 000000000 ____D C:\Documents and Settings\Administrator 2\Application Data\Corel
2018-04-14 21:22 - 2006-06-29 15:25 - 000000000 ____D C:\Documents and Settings\Administrator 2\Local Settings\Application Data\ApplicationHistory
2018-04-14 21:22 - 2006-06-29 15:16 - 000000000 ____D C:\Documents and Settings\Administrator 2\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2018-04-14 21:22 - 2006-06-29 15:16 - 000000000 ____D C:\Documents and Settings\Administrator 2\Application Data\Sun
2018-04-14 21:22 - 2006-06-29 15:07 - 000000000 ____D C:\Documents and Settings\Administrator 2\Start Menu\Programs\Dell
2018-04-14 21:22 - 2004-08-11 18:20 - 000000671 _____ C:\Documents and Settings\Administrator 2\Start Menu\Programs\Internet Explorer.lnk
2018-04-14 21:22 - 2004-08-11 18:20 - 000000642 _____ C:\Documents and Settings\Administrator 2\Start Menu\Programs\Outlook Express.lnk
2018-04-13 23:19 - 2018-04-13 23:19 - 000031270 _____ C:\Documents and Settings\Philip\My Documents\HKEY export.reg
2018-04-12 20:27 - 2018-04-17 00:55 - 001763840 _____ (Farbar) C:\Documents and Settings\Philip\Desktop\FRST.exe
2018-04-12 19:54 - 2018-04-12 19:56 - 000010382 _____ C:\Documents and Settings\Philip\Desktop\Fixlog.txt
2018-04-11 21:28 - 2018-04-12 20:33 - 000037247 _____ C:\Documents and Settings\Philip\Desktop\Addition.txt
2018-04-11 21:26 - 2018-04-17 00:56 - 000015299 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-04-11 20:36 - 2018-04-11 20:36 - 000000000 __HDC C:\Program Files\WindowsUpdate
2018-04-11 20:05 - 2018-04-11 20:05 - 000000000 ____D C:\RegBackup
2018-04-11 16:10 - 2018-04-15 11:36 - 000000550 ____C C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-04-11 16:09 - 2018-04-11 16:09 - 000000000 ___DC C:\Program Files\Tweaking.com
2018-04-11 16:08 - 2018-04-09 15:58 - 000320728 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-11 16:07 - 2018-04-12 20:18 - 000190329 ____C C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-04-11 15:53 - 2018-04-11 15:53 - 000000000 ____D C:\a0a38d90b200f7819d
2018-04-11 15:16 - 2018-04-11 15:45 - 000271586 ____C C:\WINDOWS\ntbtlog.txt
2018-04-10 16:17 - 2018-04-10 16:17 - 000010140 _____ C:\Documents and Settings\Philip\Desktop\video.reg
2018-04-09 14:12 - 2018-04-09 22:03 - 000005505 _____ C:\Documents and Settings\Philip\Desktop\SearchReg.txt
2018-04-09 07:47 - 2005-12-13 17:40 - 000135168 ____C (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2018-04-04 12:53 - 2018-04-04 12:53 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\CrystalIdea Software
2018-04-03 20:50 - 2018-04-07 22:32 - 000262144 _____ C:\WINDOWS\system32\default_user_class.dat
2018-04-03 19:57 - 2018-04-03 19:57 - 000000000 ___DC C:\Program Files\UPHClean
2018-04-03 00:08 - 2018-04-17 00:43 - 000000859 _____ C:\VEW.txt
2018-04-02 22:38 - 2018-04-02 22:38 - 000061440 _____ ( ) C:\Documents and Settings\Philip\Desktop\VEW(1).exe
2018-03-30 22:01 - 2018-04-17 00:53 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\temp
2018-03-30 22:01 - 2018-04-15 12:00 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000012303 _____ C:\ComboFix.txt
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2018-03-30 14:54 - 2018-03-30 21:20 - 000000000 ___DC C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 00:31 - 2018-03-07 13:47 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-04-17 00:30 - 2004-08-11 18:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-04-17 00:30 - 2004-08-11 18:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-04-16 23:35 - 2013-01-27 18:01 - 000032548 ____C C:\WINDOWS\SchedLgU.Txt
2018-04-16 23:35 - 2006-07-22 00:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-04-16 23:35 - 2006-07-22 00:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-04-15 20:35 - 2004-08-11 18:06 - 000000000 ____D C:\Documents and Settings
2018-04-15 19:27 - 2006-07-22 22:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-04-15 12:00 - 2018-03-12 07:58 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-04-15 11:46 - 2018-02-05 00:00 - 000000000 ____D C:\FRST
2018-04-14 21:26 - 2018-03-10 20:06 - 000003872 _____ C:\Documents and Settings\Philip\Desktop\System Idle Process.txt
2018-04-14 20:50 - 2018-01-31 19:12 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\AVAST Software
2018-04-13 23:22 - 2004-08-11 18:11 - 000000000 ___DC C:\WINDOWS\Registration
2018-04-13 23:05 - 2004-08-11 18:07 - 000539720 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-13 23:00 - 2017-11-27 16:04 - 000221112 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-04-12 19:08 - 2018-03-07 13:46 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-12 18:25 - 2018-03-10 21:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-04-11 20:51 - 2018-03-10 21:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-11 20:51 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-04-11 20:45 - 2018-03-12 07:37 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2018-04-11 20:45 - 2018-03-12 07:37 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2018-04-11 20:05 - 2004-08-11 18:00 - 000000195 __RSH C:\boot.ini
2018-04-11 16:12 - 2018-03-07 13:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-04-11 16:03 - 2004-08-11 18:02 - 000000000 __HDC C:\WINDOWS\inf
2018-04-11 15:56 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\NetworkService
2018-04-11 15:56 - 2004-08-11 18:20 - 000000000 ____D C:\Documents and Settings\Administrator
2018-04-09 15:58 - 2018-03-07 13:46 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000205352 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-09 15:57 - 2018-03-07 13:46 - 000783600 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-09 15:57 - 2018-03-07 13:46 - 000180984 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-09 07:48 - 2006-06-29 15:05 - 000000000 ___DC C:\WINDOWS\system32\ReinstallBackups
2018-04-04 12:52 - 2018-01-08 21:09 - 001682344 _____ (SpeedyFox) C:\Documents and Settings\Philip\Desktop\speedyfox.exe
2018-03-30 22:01 - 2018-03-13 11:28 - 000000000 ____D C:\Qoobox
2018-03-30 21:57 - 2004-08-11 18:00 - 000000227 _____ C:\WINDOWS\system.ini
2018-03-30 21:20 - 2013-02-09 17:50 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-03-30 20:34 - 2004-08-11 18:00 - 000000027 ____C C:\WINDOWS\system32\Drivers\etc\hosts_bak_257
2018-03-30 15:37 - 2009-02-03 11:46 - 000000000 ___DC C:\WINDOWS\ERDNT
2018-03-30 15:07 - 2018-03-13 11:22 - 005659794 ____R (Swearware) C:\Documents and Settings\Philip\Desktop\ComboFix.exe

==================== Files in the root of some directories =======

2006-07-22 05:46 - 2000-03-14 01:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2007-11-29 10:18 - 2007-11-29 10:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 18:19 - 2017-01-02 22:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 21:16 - 2012-08-28 21:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 17:52 - 2009-04-20 18:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 15:21 - 2006-06-29 15:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by Biggles (17-04-2018 00:57:27)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Administrator 2 (S-1-5-21-1184402194-1185109317-1466214600-1044 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator 2
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - Genesis Mobile)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4446 - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.7.3 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.7.3 ESR (x86 en-GB)) (Version: 52.7.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.3.6655 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version:  - )
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem  (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system  (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc  (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA  (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394  (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-12-13] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2008-12-15 17:17 - 2008-12-15 17:17 - 000090112 ____C () C:\WINDOWS\system32\CmdLineExt.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000349912 ____C () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000295640 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000282840 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-04-16 23:27 - 2018-04-16 23:27 - 005816976 ____C () C:\Program Files\AVAST Software\Avast\defs\18041604\algo.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000763608 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000888536 ____C () C:\Program Files\avast software\avast\anen.dll
2018-04-09 15:57 - 2018-04-09 15:57 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000969944 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000501464 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2018-04-09 15:57 - 2018-04-09 15:57 - 000624856 ____C () c:\Program Files\avast software\avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com

There are 5486 more sites.

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> www.1800searchonline.com

There are 4143 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-20\...\1800searchonline.com -> www.1800searchonline.com

There are 4143 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 18:00 - 2018-04-11 20:45 - 000000855 ____C C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1184402194-1185109317-1466214600-1009\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\dell.bmp
DNS Servers: 192.168.8.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
DomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Connect

==================== Restore Points =========================

13-04-2018 23:22:53 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {9B21FD3A-B1AB-4EB9-956F-E56ACFE78BCE}
Manufacturer: Toshiba
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2018 12:55:50 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 12:55:50 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 12:55:49 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 12:55:49 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 12:55:49 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 12:55:49 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 12:55:48 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 12:55:48 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============

==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 55%
Total physical RAM: 1014.37 MB
Available physical RAM: 454.27 MB
Total Virtual: 2440.74 MB
Available Virtual: 1934.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:27.35 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================

 

I'm off to my bed now!

 

Philip


  • 0

#145
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

From the Start button menu, choose All Programs→Accessories→System Tools→Scheduled Tasks.

 

See if you can find these two tasks:

 

Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

 

Right click on each and DISABLE.

 

That may help on the reboot time.

 

Doesn't look like fix.inf worked.  It should have removed these:

 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


 

Control Panel, Internet Options, Security, Restricted Sites, Sites.  See if you are able to delete any of them.


  • 0



#146
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

The MP scan task was enabled, so I unchecked the enabled box. The Tweaking task was not enabled, so as I couldn't disable it I poked around in properties and found a box that let me delete the task, so it is deleted rather than disabled.

 

I then followed the trail from Control Panel to Restricted sites and opened sites to find it empty; so no opportunity to even try deleting anything.

 

Sorry, not a lot of progress here.

 

Philip


  • 0

#147
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I guess the fix worked for your login just not for all.  Good enough then. 

 

How long does it take to reboot now?  Is it running OK?


  • 0
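
The outcome described in post #147 (restricted-zone entries gone for the logged-in account but still listed for other hives) can be read straight off the FRST "Internet Explorer trusted/restricted" section. This is an added example, not part of the thread or of FRST: the sample log uses constructed placeholder domains (two per hive), and the SID is the one the log's "Other Areas" section ties to Philip's profile, assumed here to be the account that ran the .inf.

```python
import re

# Accounts behind the non-interactive hives under HKEY_USERS.
SERVICE_HIVES = {
    ".DEFAULT": "LocalSystem",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

# FRST line shape as it appears in the thread:
#   IE restricted site: HKU\<hive>\...\<domain> -> <host>
ENTRY_RE = re.compile(r"^IE (\w+) site: HKU\\(.+?)\\\.\.\.\\(\S+) -> (\S+)$")
# FRST prints only the first entries per hive and then a remainder count.
MORE_RE = re.compile(r"^There are (\d+) more sites\.$")

# SID taken from the log's "Other Areas" section (Philip's profile).
# Assumption: this is the account that was logged in when the .inf was run.
USER_SID = "S-1-5-21-1184402194-1185109317-1466214600-1005"

# Constructed sample: hive names and remainder counts follow the thread,
# domains are placeholders and each hive is shortened to two listed lines.
SAMPLE_LOG = r"""
==================== Internet Explorer trusted/restricted ===============

IE restricted site: HKU\.DEFAULT\...\blocked-one.example -> www.blocked-one.example
IE restricted site: HKU\.DEFAULT\...\blocked-two.example -> blocked-two.example

There are 5486 more sites.

IE restricted site: HKU\S-1-5-19\...\blocked-one.example -> www.blocked-one.example
IE restricted site: HKU\S-1-5-19\...\blocked-two.example -> blocked-two.example

There are 4143 more sites.

IE restricted site: HKU\S-1-5-20\...\blocked-one.example -> www.blocked-one.example
IE restricted site: HKU\S-1-5-20\...\blocked-two.example -> blocked-two.example

There are 4143 more sites.

==================== Hosts content: ===============================
"""


def summarize_zone_entries(log_text):
    """Count listed and elided zone entries per HKEY_USERS hive."""
    summary = {}
    current = None  # hive block the next remainder line belongs to
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            zone, hive, _domain, _host = entry.groups()
            current = summary.setdefault(
                hive, {"listed": 0, "elided": 0, "zones": set()}
            )
            current["listed"] += 1
            current["zones"].add(zone)
            continue
        more = MORE_RE.match(line)
        if more and current is not None:
            current["elided"] += int(more.group(1))
        elif line.startswith("="):
            current = None  # a new log section ends the current hive block
    return summary


def report(log_text, user_sid):
    """Split the result into the interactive user's hive and everything else.

    A fix that deletes the HKCU and HKLM ZoneMap keys only reaches the hive
    of the account that ran it; other loaded hives keep their entries.
    """
    summary = summarize_zone_entries(log_text)
    remaining = []
    for hive, counts in summary.items():
        total = counts["listed"] + counts["elided"]
        if hive != user_sid and total:
            account = SERVICE_HIVES.get(hive, "other user profile")
            remaining.append((hive, account, total))
    return {"user_hive_clean": user_sid not in summary, "remaining": remaining}


if __name__ == "__main__":
    result = report(SAMPLE_LOG, USER_SID)
    print("interactive hive clean:", result["user_hive_clean"])
    for hive, account, total in result["remaining"]:
        print(f"HKU\\{hive} ({account}): {total} entries remain")
```
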

#148
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

Reboot is 3min 7sec and it seems to be running OK. I have just checked that the programs that I need function and they all seem to be OK. That raised a couple of questions:

 

Can I safely delete Windows Defender and SQL Server 2005? If so how to get rid of SQL Server as it doesn't seem to have an easy delete process?

 

How can I delete parts of Office without deleting the whole suite?

 

These are not essential actions, just trying to clean up a bit on things that I don't foresee ever using on this machine.

 

Philip


  • 0

#149
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You can just uninstall SQL Server 2005 if you don't use it.  Windows Defender is not running so can't hurt anything but you can delete its folder if you want: C:\Program Files\Windows Defender

I wouldn't try to remove parts of Office.  They don't really hurt anything.

You might try disabling the Avast task to see if it has an effect on boot time.


  • 0

#150
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

OK, I have again tried to remove SQL 2005 using Add/Remove Programs, but nothing happens. Should I just get rid of its folder in the Program Files?

 

I tried to disable Avast in Autoruns, running it as an administrator, but was denied access to some tasks. So I timed a reboot with what I could disable and it came in at 1min 49sec, so it would seem that Avast is causing an extended boot time.

 

Once we have finished I could disable WiFi as I won't need it and then I presume I could remove Avast as the only input to the machine would be from a USB stick loaded from my PC which will have Avast running.

 

While I was in Autoruns I noticed some yellow and pink highlighted tasks. The yellow ones were files not found, so should I just delete these? What is the significance of the pink highlight; does it require any action?

 

Philip


  • 0





