Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I cannot complete Installation of a Program - Error 1632


  • Please log in to reply

#76
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Good morning,

 

Well, that was interesting... :geek:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (12-03-2018 06:46:40) Run:1
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2017-01-03]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Philip\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-19]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Philip\Application Data\Dropbox\bin\Dropbox.exe (No File)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\[email protected] [not found]
S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2017-11-21] () [File not signed]
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S0 degkgkf; no ImagePath
S3 PCDSRVC{AEEF1793-83875E70-06020200}_0; c:\program files\dell\supportassist\pcdsrvc.pkms [22640 2016-08-01] (PC-Doctor, Inc.)
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {4653F04E-9468-D082-1860-22B785889A47} => No File
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {462A5438-9468-D082-6EC4-5BB785889A47} => No File
Task: C:\WINDOWS\Tasks\Auslogics BoostSpeed Scan and Repair.job => rundll32 exe TaskSchedulerHelper dll RunTask Main exe
Task: C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn Philip logon.job => C:\Program Files\Auslogics\BoostSpeed\Main.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 UIUSys; no ImagePath
S3 wanatw; no ImagePath
C:\Program Files\Skype
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\btinstall.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rixdicon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\snymsico.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\omci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rimmptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rimsptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\risdptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rixdptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UB1394.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UBSBM.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UBUMAPI.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdf01000.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdfldr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdiultn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdpash.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\logui.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc40u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msvcrt40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwapi16.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwc.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ocmanage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\odtext32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\s3legacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [104]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: TkBellExe =>
CMD: sc delete MatSvc
Hosts:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"













*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully.
"HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG" => removed successfully.
"HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring" => not found
"HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Skype" => removed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\DWQueuedReporting" => removed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\RunNarrator" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" => removed successfully.
"HKLM\Software\Classes\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" => removed successfully.
"HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Skype" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{56F9679E-7826-4C84-81F3-532071A8BCC5}" => not found
HKLM\Software\Classes\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5} => not found
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk" => not found
"C:\Program Files\Windows Desktop Search\WindowsSearch.exe" => not found
C:\Documents and Settings\Philip\Start Menu\Programs\Startup\Dropbox.lnk => moved successfully
"C:\Documents and Settings\Philip\Application Data\Dropbox\bin\Dropbox.exe" => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\skype4com" => removed successfully.
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => not found
C:\Program Files\Mozilla Sunbird\extensions\[email protected] => path removed successfully.
"HKLM\System\CurrentControlSet\Services\HidServ" => removed successfully.
HidServ => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hpqcxs08" => removed successfully.
hpqcxs08 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\gupdate1c996655bba3304" => removed successfully.
gupdate1c996655bba3304 => service removed successfully.
WinDefend => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\WinDefend" => removed successfully.
WinDefend => service removed successfully.
bdisk => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\bdisk" => removed successfully.
bdisk => service removed successfully.
CBUfs => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\CBUfs" => removed successfully.
CBUfs => service removed successfully.
BANTExt => service not found.
"HKLM\System\CurrentControlSet\Services\mfeavfk" => removed successfully.
mfeavfk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfebopk" => removed successfully.
mfebopk => service removed successfully.
mfehidk => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\mfehidk" => removed successfully.
mfehidk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mferkdk" => removed successfully.
mferkdk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfesmfk" => removed successfully.
mfesmfk => service removed successfully.
Lbd => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\Lbd" => removed successfully.
Lbd => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hpqddsvc" => removed successfully.
hpqddsvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\HPSLPSVC" => removed successfully.
HPSLPSVC => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz135" => removed successfully.
cpuz135 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz136" => removed successfully.
cpuz136 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\degkgkf" => removed successfully.
degkgkf => service removed successfully.
"HKLM\System\CurrentControlSet\Services\PCDSRVC{AEEF1793-83875E70-06020200}_0" => removed successfully.
PCDSRVC{AEEF1793-83875E70-06020200}_0 => service removed successfully.
"FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}" => removed successfully.
"HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}" => removed successfully.
"HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}" => removed successfully.
"HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}" => removed successfully.
"C:\WINDOWS\Tasks\Auslogics BoostSpeed Scan and Repair.job" => not found
"C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn Philip logon.job" => not found
"C:\WINDOWS\Tasks\CCleaner Update.job" => not found
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\MP Scheduled Scan.job => moved successfully
"HKLM\System\CurrentControlSet\Services\ScsiPort" => removed successfully.
ScsiPort => service removed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip6" => removed successfully.
Tcpip6 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\UIUSys" => removed successfully.
UIUSys => service removed successfully.
"HKLM\System\CurrentControlSet\Services\wanatw" => removed successfully.
wanatw => service removed successfully.
"C:\Program Files\Skype" => not found
C:\WINDOWS\avastSS.scr => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\ucrtbase.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\btinstall.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\csrss.exe => ":SummaryInformation" ADS could not remove.
C:\WINDOWS\system32\csrss.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\system32\ctfmon.exe => ":SummaryInformation" ADS could not remove.
C:\WINDOWS\system32\ctfmon.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\system32\d3dx9_31.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\D3DX9_42.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\MRT.exe => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\rixdicon.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\services.exe => ":SummaryInformation" ADS could not remove.
C:\WINDOWS\system32\services.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\system32\snymsico.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\omci.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\rimmptsk.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\rimsptsk.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\risdptsk.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\rixdptsk.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\UB1394.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\UBSBM.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\UBUMAPI.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\usbehci.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\wdf01000.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\wdfldr.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\kbdiultn.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\kbdpash.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\kernel32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\logui.ocx => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\lsasrv.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\mfc40.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\mfc40u.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\mfc42.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\mfc42u.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\mfcsubs.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\mssip32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\msvcrt.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\msvcrt40.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\ndiswan.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\netapi32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\ntdll.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\ntfs.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\ntoskrnl.exe => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\nwapi16.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\nwapi32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\nwc.cpl => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\ocmanage.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\odbccp32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\odtext32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\ole32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\oleaut32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\olepro32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\riched20.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\riched32.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\rsaenh.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\s3legacy.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\dllcache\usbui.dll => ":$CmdTcID" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Documents and Settings\Philip\Desktop\MM061A17.exe => ":SummaryInformation" ADS could not remove.
C:\Documents and Settings\Philip\Desktop\MM061A17.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Advanced SystemCare 6 =>" => not found
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: SigmatelSysTrayApp =>" => not found
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: TkBellExe =>" => not found

========= sc delete MatSvc =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.



========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 06:48:30 ====

 

So, I let it reboot and got the blue screen with this Stop Code:

0x0000007B (0xF7A60524, 0xC00000034, 0x00000000, 0x00000000)

I rebooted, got the black screen and followed the instruction to use the last known good settings.

 

Since then i have uninstalled the Dell assist, run the Intel Mobile Chipset Driver and installed the new Sigmatel driver and disabled the Bluetooth.

 

The unknown device is still showing, but the SigmaTel is working correctly.

 

I have uninstalled all of the SQL programs except the SQL Server 2005, which won't uninstall, although the size has come down from over 500mb to 198mb

 

The last boot was 4,24

 

Here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11.03.2018 01
Ran by Philip (administrator) on ENILLION (12-03-2018 08:37:09)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\WINDOWS\system32\UAService7.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-07] (AVAST Software)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [138008 2007-03-30] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [162584 2007-03-30] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078 [2018-03-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-07] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-07] (AVAST Software)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2018-01-28] (Malwarebytes)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S0 degkgkf; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 UIUSys; no ImagePath
S3 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-12 07:41 - 2007-05-10 10:22 - 000405504 ____C (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
2018-03-12 07:40 - 2007-08-21 09:58 - 000146944 ____C (IDT, Inc.) C:\WINDOWS\system32\st325602.dll
2018-03-12 07:39 - 2018-03-12 07:39 - 000000000 ___DC C:\Program Files\Sigmatel
2018-03-12 07:39 - 2007-05-10 10:23 - 004952064 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stacgui.cpl
2018-03-12 07:39 - 2007-04-10 17:02 - 001601536 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stlang.dll
2018-03-12 07:13 - 2018-03-12 07:14 - 001389856 _____ C:\Documents and Settings\Philip\Desktop\R114079(3).EXE
2018-03-12 07:11 - 2018-03-12 07:12 - 008345792 _____ C:\Documents and Settings\Philip\Desktop\R171789(2).exe
2018-03-12 06:58 - 2018-03-12 08:24 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-03-12 06:46 - 2018-03-12 06:48 - 000022187 _____ C:\Documents and Settings\Philip\Desktop\Fixlog.txt
2018-03-12 06:37 - 2018-03-12 06:37 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2018-03-12 06:37 - 2018-03-12 06:37 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2018-03-11 20:16 - 2018-03-11 20:16 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\LHService
2018-03-11 11:38 - 2018-03-12 06:46 - 000000000 ____D C:\Documents and Settings\Philip\Desktop\FRST-OlderVersion
2018-03-10 22:14 - 2018-03-10 22:58 - 000000000 ____D C:\Documents and Settings\Philip\My Documents\Old Firefox Data
2018-03-10 21:58 - 2018-03-10 21:58 - 000002821 _____ C:\Documents and Settings\Philip\Desktop\Hardware Interrupts and DPCs.txt
2018-03-10 21:53 - 2018-03-10 21:53 - 000002895 _____ C:\Documents and Settings\Philip\My Documents\Hardware Interrupts and DPCs.txt
2018-03-10 21:39 - 2018-03-11 11:46 - 000046012 _____ C:\Documents and Settings\Philip\Desktop\Addition.txt
2018-03-10 21:36 - 2018-03-12 08:38 - 000018238 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-03-10 21:28 - 2018-03-10 21:28 - 000002105 _____ C:\Documents and Settings\Philip\Desktop\JRT.txt
2018-03-10 20:53 - 2018-03-10 20:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-03-10 20:52 - 2018-03-10 20:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-10 20:22 - 2018-03-10 20:22 - 000396616 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2018-03-10 19:52 - 2018-03-10 19:52 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\JRT.exe
2018-03-10 19:32 - 2018-03-10 19:34 - 000194863 _____ C:\Documents and Settings\Philip\Desktop\ENILLION.txt
2018-03-10 19:24 - 2018-03-10 19:24 - 006299336 _____ (Piriform Ltd) C:\Documents and Settings\Philip\Desktop\spsetup131.exe
2018-03-10 19:15 - 2018-03-10 19:15 - 000004562 _____ C:\junk.txt
2018-03-10 19:10 - 2018-03-10 20:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2018-03-10 19:06 - 2018-03-10 19:06 - 000004052 _____ C:\Documents and Settings\Philip\Desktop\System Idle Process.txt
2018-03-10 18:47 - 2018-03-10 18:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Philip\Desktop\procexp.exe
2018-03-08 09:31 - 2018-03-08 21:12 - 000910745 _____ C:\Documents and Settings\Philip\Desktop\MM061A17.exe
2018-03-07 12:49 - 2018-03-07 12:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-03-07 12:49 - 2018-03-07 12:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2018-03-07 12:47 - 2018-03-12 08:22 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-07 12:46 - 2018-03-07 12:45 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000205344 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000783608 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000276688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000185432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000169536 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000157368 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000050336 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-07 12:45 - 2018-03-07 12:45 - 000319392 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-04 19:26 - 2018-03-04 19:26 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1184402194-1185109317-1466214600-1005-0.dat
2018-03-04 19:25 - 2018-03-04 19:25 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-12 08:38 - 2006-07-21 23:50 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Temp
2018-03-12 08:37 - 2018-02-04 23:00 - 000000000 ____D C:\FRST
2018-03-12 08:28 - 2004-08-11 17:11 - 000000000 ___DC C:\WINDOWS\Registration
2018-03-12 08:20 - 2004-08-11 17:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-03-12 08:20 - 2004-08-11 17:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-03-12 08:18 - 2013-01-27 17:01 - 000032636 ____C C:\WINDOWS\SchedLgU.Txt
2018-03-12 08:18 - 2006-07-21 23:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-03-12 08:18 - 2006-07-21 23:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-03-12 08:10 - 2008-10-24 20:36 - 000000000 ___DC C:\Program Files\Microsoft SQL Server
2018-03-12 07:41 - 2004-08-11 17:02 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2018-03-12 07:41 - 2004-08-11 17:02 - 000000000 __HDC C:\WINDOWS\inf
2018-03-12 07:35 - 2006-06-29 14:21 - 000000000 ___DC C:\Program Files\Dell
2018-03-12 07:31 - 2018-02-05 17:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2018-03-12 07:21 - 2006-06-29 14:05 - 000000000 ___DC C:\WINDOWS\system32\ReinstallBackups
2018-03-12 06:46 - 2018-02-04 22:45 - 001763328 _____ (Farbar) C:\Documents and Settings\Philip\Desktop\FRST.exe
2018-03-12 06:37 - 2017-01-08 20:31 - 000000792 ____C C:\Documents and Settings\Philip\Start Menu\Programs\Windows Media Player.lnk
2018-03-12 06:37 - 2008-10-24 16:23 - 000000000 ___DC C:\Program Files\Windows Desktop Search
2018-03-12 06:37 - 2004-08-11 17:00 - 000000765 ____C C:\WINDOWS\win.ini
2018-03-11 20:16 - 2016-12-28 21:16 - 000000000 ___DC C:\Program Files\LockHunter
2018-03-11 20:08 - 2006-06-29 14:21 - 000000000 __HDC C:\Program Files\InstallShield Installation Information
2018-03-11 20:03 - 2006-07-29 08:44 - 000000000 ___DC C:\Program Files\Windows Media Connect 2
2018-03-11 20:03 - 2004-08-11 17:02 - 000000000 ___DC C:\WINDOWS\Help
2018-03-11 20:00 - 2018-01-18 18:28 - 000000000 ___DC C:\Program Files\Belarc
2018-03-11 19:59 - 2013-11-01 14:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2018-03-11 19:59 - 2013-11-01 14:29 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2018-03-11 19:18 - 2004-08-11 17:00 - 000000227 ____C C:\WINDOWS\system.ini
2018-03-11 19:18 - 2004-08-11 17:00 - 000000211 ___SH C:\boot.ini
2018-03-11 12:00 - 2004-08-11 17:20 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2018-03-11 10:35 - 2009-02-05 09:15 - 000000000 ___DC C:\WINDOWS\pss
2018-03-10 23:06 - 2006-07-22 21:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-03-10 21:26 - 2004-08-11 17:06 - 000000000 ____D C:\Documents and Settings\All Users
2018-03-10 19:14 - 2014-03-01 09:48 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Skype
2018-03-10 19:13 - 2007-06-04 21:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2018-03-10 19:06 - 2016-08-04 21:02 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2018-03-08 23:29 - 2004-08-11 17:02 - 000000000 ___DC C:\WINDOWS\security
2018-03-08 22:42 - 2006-06-29 14:16 - 000000000 ___DC C:\Program Files\Common Files\Java
2018-03-08 21:10 - 2010-11-20 19:25 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\PCDr
2018-03-08 09:33 - 2011-02-20 19:34 - 000001324 ____C C:\WINDOWS\system32\d3d9caps.dat
2018-03-08 00:27 - 2004-08-11 17:20 - 000000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2018-03-08 00:27 - 2004-08-11 17:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-03-04 14:47 - 2009-12-19 16:19 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Deployment

==================== Files in the root of some directories =======

2006-07-22 04:46 - 2000-03-14 00:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 19:20 - 2008-10-27 19:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 16:42 - 2009-01-28 20:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 16:18 - 2015-02-22 15:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 18:38 - 2010-03-30 18:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 20:30 - 2006-07-24 20:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 09:18 - 2007-11-29 09:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 17:19 - 2017-01-02 21:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 20:16 - 2012-08-28 20:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 16:52 - 2009-04-20 17:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 14:21 - 2006-06-29 14:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (12-03-2018 08:40:01)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - Genesis Mobile)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.6.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.6.0 ESR (x86 en-GB)) (Version: 52.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.6.0.6592 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version:  - )
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem  (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system  (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc  (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA  (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394  (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [Auslogics BoostSpeed Shell Context Menu 9.x] -> {CC89327D-D094-8297-82CB-F989EE26FC51} => C:\Program Files\Auslogics\BoostSpeed\ShellExtension.ContextMenu.x32.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-03-30] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-03-07 12:45 - 2018-03-07 12:45 - 000287960 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000280280 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-03-11 17:28 - 2018-03-11 17:28 - 005800080 ____C () C:\Program Files\AVAST Software\Avast\defs\18031102\algo.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000756952 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-03-07 12:44 - 2018-03-07 12:44 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000964824 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000475352 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2017-11-27 15:03 - 2018-01-14 20:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-12-15 16:17 - 2008-12-15 16:17 - 000126976 _____ () C:\WINDOWS\system32\UAService7.exe
2018-03-07 12:44 - 2018-03-07 12:44 - 000618200 ____C () c:\Program Files\avast software\avast\vaarclient.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2004-08-11 17:00 - 2013-01-02 07:49 - 001292288 ____C () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com

There are 5486 more sites.

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> www.1800searchonline.com

There are 4143 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-20\...\1800searchonline.com -> www.1800searchonline.com

There are 4143 more sites.

IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\internet -> internet
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\mcafee.com -> hxxps://mcafee.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\1-2005-search.com -> www.1-2005-search.com

There are 10344 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 17:00 - 2018-03-12 06:48 - 000000027 ____C C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: TkBellExe =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\svchost.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

==================== Restore Points =========================

11-03-2018 20:08:13 Removed NetWaiting
11-03-2018 20:15:38 Removed Google Earth Pro
12-03-2018 07:33:32 Removed SigmaTel Audio
12-03-2018 07:41:42 Installed SigmaTel Audio
12-03-2018 08:07:34 Removed Microsoft SQL Server Native Client
12-03-2018 08:08:47 Removed Microsoft SQL Server Setup Support Files (English)
12-03-2018 08:10:19 Removed Microsoft SQL Server VSS Writer

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {9B21FD3A-B1AB-4EB9-956F-E56ACFE78BCE}
Manufacturer: Toshiba
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2018 11:07:45 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/11/2018 11:07:45 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3

Error: (03/11/2018 10:40:14 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/11/2018 10:40:14 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3

Error: (03/11/2018 09:55:35 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/11/2018 09:55:35 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3

Error: (03/10/2018 11:09:07 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/10/2018 11:09:07 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3


System errors:
=============
Error: (03/12/2018 08:26:04 AM) (Source: DCOM) (EventID: 10005) (User: ENILLION)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/12/2018 08:22:21 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (03/12/2018 08:20:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Uninterruptible Power Supply service terminated with the following error:
%%2481 = The UPS service is not configured correctly.

Error: (03/12/2018 08:20:59 AM) (Source: UPS) (EventID: 2481) (User: )
Description: The UPS service is not configured correctly.

Error: (03/12/2018 08:00:29 AM) (Source: DCOM) (EventID: 10005) (User: ENILLION)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/12/2018 07:44:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (03/12/2018 07:43:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Uninterruptible Power Supply service terminated with the following error:
%%2481 = The UPS service is not configured correctly.

Error: (03/12/2018 07:43:35 AM) (Source: UPS) (EventID: 2481) (User: )
Description: The UPS service is not configured correctly.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 84%
Total physical RAM: 1014.37 MB
Available physical RAM: 158.72 MB
Total Virtual: 2439.72 MB
Available Virtual: 1614.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:27.7 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================

 

Not sure it is relevant, but I noticed in the list of programs that a Backgammon game that I deleted previously is still shown. Attempting to remove it gives an already removed message, but the entry remains,

 

Perfect timing, my breakfast has just arrived!


  • 0

Advertisements


#77
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,463 posts
  • MVP

Sorry about that.  I'm guessing that trying to remove this line:

 

S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

 

is where it went wrong.  If FRST removed svchost.exe then it's no wonder that things went South.

 

Let's try again and just remove the non-MS services.

Attached File  fixlist.txt   3.1KB   37 downloads


  • 0

#78
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Sorry Ron,

 

Back to the drawing board I'm afraid it crashed the same way as it did this morning. I tried the start normally option, but that went straight to the blue screen so last known good route taken.

 

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (12-03-2018 14:38:06) Run:2
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S0 degkgkf; no ImagePath
S3 PCDSRVC{AEEF1793-83875E70-06020200}_0; c:\program files\dell\supportassist\pcdsrvc.pkms [22640 2016-08-01] (PC-Doctor, Inc.)
ContextMenuHandlers1: [Auslogics BoostSpeed Shell Context Menu 9.x] -> {CC89327D-D094-8297-82CB-F989EE26FC51} => C:\Program Files\Auslogics\BoostSpeed\ShellExtension.ContextMenu.x32.dll -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
*****************

"HKLM\System\CurrentControlSet\Services\hpqcxs08" => removed successfully.
hpqcxs08 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\gupdate1c996655bba3304" => removed successfully.
gupdate1c996655bba3304 => service removed successfully.
bdisk => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\bdisk" => removed successfully.
bdisk => service removed successfully.
CBUfs => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\CBUfs" => removed successfully.
CBUfs => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfeavfk" => removed successfully.
mfeavfk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfebopk" => removed successfully.
mfebopk => service removed successfully.
mfehidk => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\mfehidk" => removed successfully.
mfehidk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mferkdk" => removed successfully.
mferkdk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfesmfk" => removed successfully.
mfesmfk => service removed successfully.
Lbd => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\Lbd" => removed successfully.
Lbd => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hpqddsvc" => removed successfully.
hpqddsvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\HPSLPSVC" => removed successfully.
HPSLPSVC => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz135" => removed successfully.
cpuz135 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz136" => removed successfully.
cpuz136 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\degkgkf" => removed successfully.
degkgkf => service removed successfully.
PCDSRVC{AEEF1793-83875E70-06020200}_0 => service not found.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Auslogics BoostSpeed Shell Context Menu 9.x" => removed successfully.
"HKLM\Software\Classes\CLSID\{CC89327D-D094-8297-82CB-F989EE26FC51}" => removed successfully.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found


The system needed a reboot.

==== End of Fixlog 14:38:29 ====

 

I remembered your query about the HP drivers, They will be left over from the previous house printer. I replaced the HP with the Canon that we have now. As you expected I haven't beeb able to gain access to get rid of them.

 

I noticed that the Intel Proset WIFI driver was a bit old, so I checked the website and got the latest one. Not that I will be using it for long, but Avast Smart Scan indicated that the system was beibg slowed down by the driver. Anyway, the new one connects more quickly than the previous, but doesn't make more than a few seconds difference to the boot time.

 

I'm off to see my Urologist now and essential shopping is bolted onto the appointment, so I probaly won't get much else done today.


  • 0

#79
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,463 posts
  • MVP

OK.  Let's do it the hard way.

First let's see if we can get the McAfee Removal tool to run on XP:

 

Download, save and run:

https://www.bleeping...s-removal-tool/

 

For Comodo there are two possibilities

 

the old tool:

 

http://forums.comodo...11531#msg511531

 

and the new one:

 

https://forums.comod...-t121091.0.html

 

 

I'm wondering if the random named service (S0 degkgkf; no ImagePath) is an active virus.

 

Let's try Combofix

 

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html


Download and Save this file --  to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.  



    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

 


  • 0

#80
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Good Morning Ron,

 

McAfee ran, but if there is a log I can't find it.

 

Here is the comodo log (I used the new tool.):

10:6:31 Dialog.cpp:293    >> OUT:: Press "Scan" to begin searching for Comodo Internet Security / Firewall / Antivirus products.
10:6:35 RegTools.cpp:43    >> Can't open key (SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs), error 2
10:6:35 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\Firewall Pro\Configurations), error 2
10:6:35 Dialog.cpp:326    >> OUT:: Installation directory: C:\Program Files\COMODO\COMODO Internet Security
10:6:35 Dialog.cpp:293    >> OUT:: Installation directory: C:\Program Files\COMODO\COMODO Internet Security
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed shortcuts....
10:6:36 Dialog.cpp:293    >> OUT::  not found
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed services....
10:6:36 Dialog.cpp:293    >> OUT::  not found
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed drivers....
10:6:36 Dialog.cpp:293    >> OUT::  not found
10:6:36 Working.cpp:957    >> Operation guard: C:\WINDOWS\guard32.dll
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed registry hives....
10:6:36 Working.cpp:958    >> Operation key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
10:6:36 Working.cpp:957    >> Operation guard: guard32.dll
10:6:36 Working.cpp:958    >> Operation key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
10:6:36 Dialog.cpp:293    >> OUT::  not found
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed files....
10:6:36 Dialog.cpp:293    >> OUT::  found
10:6:36 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam\CIS') as symlink, error 2
10:6:36 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam') as symlink, error 2
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed registry hives....
10:6:36 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Options') as symlink, error 2
10:6:36 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Data') as symlink, error 2
10:6:36 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Configurations') as symlink, error 2
10:6:36 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro') as symlink, error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet006), error 2
10:6:36 Dialog.cpp:293    >> OUT::  not found
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed MSI....
10:6:36 Dialog.cpp:293    >> OUT::  found
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration), error 2
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed registry hives....
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisAgent), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.CisAgent.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl.1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector.1), error 2
10:6:36 RegTools.cpp:256    >> Can't read string (MsiProductCode), error 2
10:6:36 Dialog.cpp:293    >> OUT::  found
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed registry hives....
10:6:36 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet006), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (AppID\{342A9490-7F70-4AE6-B553-9BA04288F8F6}), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Software\CFP), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI\1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\internet security), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\firewall), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\antivirus), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cis), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cfp), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (Software\CFP), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\Firewall Pro), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\Shared Space), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\CAM), error 2
10:6:36 Dialog.cpp:293    >> OUT::  found
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for installed MSI components....
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00D3A38DC773DF54E9CC42F77C041A61), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\010AD84127D46CB43B4920CA0D1094D4), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FC6C4540472B5D448BDBD6D77B5E1DE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\123C5119123EF66439FB479AD6275B9A), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14458549798657D44AC0570BEA27EA7E), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17962C9FE2A890140824564B9B200D43), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2315A4B072E3BDF4B8CE03971AB2770C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2481B72D9F6713549B081AE095A0C756), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\265D0406C87211546AB7717F49CE3AF3), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29A1D8D4B1639A14D9A0AC98939ECEB6), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D0E47FB821CB5E4092329E6484B2D34), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D91E472B92CF2A44ACD3B206E838DB7), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FC39BA3AE51AB54B8B98AA60A79BE3A), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FCBE66BE4B609A4BB31D90C51D2DE88), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35244D99ADF027A49A0BFD0424080BFC), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35B9D2F62AF55D54DAB59E313EC18C65), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3632B856B3F03AA478F4833A03AE1819), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B4D259ABBDA5914AB8489F199B3296C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C554669B15392140B16AB417DC306AE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DA5EB80EF523874587A99BF798C7489), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F613C8E5E9670648B17B9820B8888BA), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50C684E2267759049B952749C78A3EA1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\535D3891E31ED6D47A41825D1B47F51C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54B3A0A4441F0DC4897BC010BC9588BD), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\561D95FA9074C6C41AB0F76DA0BB211C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56E0AD3FD4182664BBBB4E9568B4A199), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5715C43995CE44C4E809E63C95024801), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59467F7B0FB297240A363A088E9A5EF0), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E8CA4DD3FB9D84499E8C8D248127FF9), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5ED6B148C52042A4EA0018DD02283C22), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\672118E19CE60C340A77B6B0166FA2C4), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689B8F9CBBEB9A0438843541B944B55F), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D08B2C0E87EA944A9E5C5EF9BA4B920), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\739EB50E4C67E3B4085751656AAE972C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7531C22B6CA47CE4C918EC69FD221664), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77BD9CD924A655C46BA0CE60072BF0D1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79973047FCFBA8346BAE074D5F856B50), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B04212B70E33AD47A63DC9D3B6616FB), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E8919EBB89BBDD459FC61F84965F676), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F178CB0464E3B64EBCBADA8658F6FD4), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83497A34FBD18D3449F9073D8B79B5CD), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AEBDFFED571CA444B16B9546DD8BC8D), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C2600A6E5247E14FA88C2467AB8A7B3), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A15D3B28005954EBE60F531B5F1561), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A70494EE0A89D9641B53FAE3075C223D), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AADEDF2229E177A469DCA25B3C03B8A5), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B10B82F2BAD253249AD70E9BE0D5DBB9), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B18912FD909383442954328A092358FE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929C9C03F4EEAE4A849CFCC46E9C7BD), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA9378171F29BAF4DAA757023155466C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0CED78355DA37D40A86405ED75BBA52), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4F871884E15F504F8A16FE80CAF24A7), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA3A70820FC1B4B4BAF952C0A386A971), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB09E82B23DC87642ADCB26DC506C1EA), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBCC66C8465BFEA43A018D24920C631F), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D66089F5909BB4C4A994F91E31F02A58), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7E865F066F56CF448D95733D9F89C16), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D832826EB62BAC5468921B6A1B4DF197), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA796644865F8DF46A9449234888F56F), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA998A67A404E354594522F69CF0B875), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB3A0A2A2DE53474BA79F7EB7A2A3C36), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC71F2FDD7E93D34E8C145F1316908D1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC9BDE08B14CD9D4593ADE877D13758D), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1A606CA9DC57EC4F8C341E3754A2CA9), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4F7D249C106C154D940169D5C67C7B0), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E789301EAB079BB43BC62D245EA92DA1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90072900939C124A87EDB0235B01A46), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3B56F0950EB6B440B022DABCD84BA93), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3E2DD9151A1AB84887C18EFDE227427), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4961E762D66B6642BBEFD5F61EE6250), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4ED6542ECA149346A18596EA220A7DF), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F604B15EF9DB69A47B50122F8E0254AE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F68A213CE806DF541AD0DA9D8C8CCC47), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8C8C380112E30147BA55E84F7491F40), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDF5671EE31DF7347A3B47C9EA89D6EE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00D3A38DC773DF54E9CC42F77C041A61), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\010AD84127D46CB43B4920CA0D1094D4), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FC6C4540472B5D448BDBD6D77B5E1DE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14458549798657D44AC0570BEA27EA7E), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17962C9FE2A890140824564B9B200D43), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2315A4B072E3BDF4B8CE03971AB2770C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2481B72D9F6713549B081AE095A0C756), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\265D0406C87211546AB7717F49CE3AF3), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29A1D8D4B1639A14D9A0AC98939ECEB6), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D0E47FB821CB5E4092329E6484B2D34), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D91E472B92CF2A44ACD3B206E838DB7), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FC39BA3AE51AB54B8B98AA60A79BE3A), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FCBE66BE4B609A4BB31D90C51D2DE88), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35244D99ADF027A49A0BFD0424080BFC), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35B9D2F62AF55D54DAB59E313EC18C65), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3632B856B3F03AA478F4833A03AE1819), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B4D259ABBDA5914AB8489F199B3296C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C554669B15392140B16AB417DC306AE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DA5EB80EF523874587A99BF798C7489), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F613C8E5E9670648B17B9820B8888BA), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50C684E2267759049B952749C78A3EA1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\535D3891E31ED6D47A41825D1B47F51C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54B3A0A4441F0DC4897BC010BC9588BD), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\561D95FA9074C6C41AB0F76DA0BB211C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56E0AD3FD4182664BBBB4E9568B4A199), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5715C43995CE44C4E809E63C95024801), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59467F7B0FB297240A363A088E9A5EF0), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E8CA4DD3FB9D84499E8C8D248127FF9), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5ED6B148C52042A4EA0018DD02283C22), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\672118E19CE60C340A77B6B0166FA2C4), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689B8F9CBBEB9A0438843541B944B55F), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D08B2C0E87EA944A9E5C5EF9BA4B920), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\739EB50E4C67E3B4085751656AAE972C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7531C22B6CA47CE4C918EC69FD221664), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77BD9CD924A655C46BA0CE60072BF0D1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79973047FCFBA8346BAE074D5F856B50), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B04212B70E33AD47A63DC9D3B6616FB), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E8919EBB89BBDD459FC61F84965F676), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F178CB0464E3B64EBCBADA8658F6FD4), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83497A34FBD18D3449F9073D8B79B5CD), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AEBDFFED571CA444B16B9546DD8BC8D), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C2600A6E5247E14FA88C2467AB8A7B3), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A15D3B28005954EBE60F531B5F1561), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A70494EE0A89D9641B53FAE3075C223D), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AADEDF2229E177A469DCA25B3C03B8A5), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B10B82F2BAD253249AD70E9BE0D5DBB9), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B18912FD909383442954328A092358FE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929C9C03F4EEAE4A849CFCC46E9C7BD), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA9378171F29BAF4DAA757023155466C), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0CED78355DA37D40A86405ED75BBA52), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4F871884E15F504F8A16FE80CAF24A7), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA3A70820FC1B4B4BAF952C0A386A971), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB09E82B23DC87642ADCB26DC506C1EA), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBCC66C8465BFEA43A018D24920C631F), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D66089F5909BB4C4A994F91E31F02A58), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7E865F066F56CF448D95733D9F89C16), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D832826EB62BAC5468921B6A1B4DF197), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA796644865F8DF46A9449234888F56F), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA998A67A404E354594522F69CF0B875), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB3A0A2A2DE53474BA79F7EB7A2A3C36), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC71F2FDD7E93D34E8C145F1316908D1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC9BDE08B14CD9D4593ADE877D13758D), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1A606CA9DC57EC4F8C341E3754A2CA9), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4F7D249C106C154D940169D5C67C7B0), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E789301EAB079BB43BC62D245EA92DA1), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90072900939C124A87EDB0235B01A46), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3B56F0950EB6B440B022DABCD84BA93), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3E2DD9151A1AB84887C18EFDE227427), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4961E762D66B6642BBEFD5F61EE6250), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F604B15EF9DB69A47B50122F8E0254AE), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F68A213CE806DF541AD0DA9D8C8CCC47), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8C8C380112E30147BA55E84F7491F40), error 2
10:6:36 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDF5671EE31DF7347A3B47C9EA89D6EE), error 2
10:6:36 Dialog.cpp:293    >> OUT::  not found
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for scheduled tasks....
10:6:36 Working.cpp:1818    >> ITask::GetApplicationName for task (Avast Emergency Update.job) returned: C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
10:6:36 Working.cpp:1818    >> ITask::GetApplicationName for task (MP Scheduled Scan.job) returned: C:\Program Files\Windows Defender\MpCmdRun.exe
10:6:36 Dialog.cpp:293    >> OUT::  not found
10:6:36 Dialog.cpp:293    >> OUT:: Scanning for Security Center entries....
10:6:36 Working.cpp:1913    >> IWbemServices::GetObject(FirewallProduct.instanceGuid="{043803A3-4F86-4ef6-AFC5-F6E02A79969B}") failed: 0x80041002
10:6:36 Working.cpp:1913    >> IWbemServices::GetObject(AntiSpywareProduct.instanceGuid="{043803A4-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041010
10:6:36 Dialog.cpp:326    >> OUT:: Cannot connect to Windows Security Center. Error 0x80041010:
10:6:36 Dialog.cpp:293    >> OUT:: Cannot connect to Windows Security Center. Error 0x80041010:
10:6:36 Working.cpp:1913    >> IWbemServices::GetObject(AntiVirusProduct.instanceGuid="{043803A5-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041002
10:6:36 Dialog.cpp:293    >> OUT::  not found
10:6:36 Dialog.cpp:293    >> OUT:: Product "Comodo Internet Security" installation is detected. If you want to clean up product related files and registry entries, please press "Continue" button.
10:6:36 Dialog.cpp:198    >> CIS found: 1
10:6:45 Dialog.cpp:293    >> OUT:: Creating system restore point. Please wait...
10:6:55 RestorePoint.cpp:97    >> Restore point creation result: ok(1), status(0), winerror(1008), seqnum in(0), seqnum out(1707), is RP service disabled(0)
10:6:55 Dialog.cpp:206    >> RP created: 1
10:6:55 Dialog.cpp:293    >> OUT:: Removing shortcuts...
10:6:55 Dialog.cpp:293    >> OUT:: Removing installed services...
10:6:55 Dialog.cpp:293    >> OUT:: Removing installed driver(s)...
10:6:55 Working.cpp:957    >> Operation guard: C:\WINDOWS\guard32.dll
10:6:55 Dialog.cpp:293    >> OUT:: Removing registry hives...
10:6:55 Working.cpp:958    >> Operation key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
10:6:55 Working.cpp:957    >> Operation guard: guard32.dll
10:6:55 Working.cpp:958    >> Operation key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
10:6:55 Dialog.cpp:293    >> OUT:: Removing installed files...
10:6:55 Working.cpp:215    >> File/folder deleted: C:\Documents and Settings\All Users\Application Data\Shared Space
10:6:55 Working.cpp:215    >> File/folder deleted: C:\WINDOWS\system32\guard32.dll
10:6:55 Working.cpp:215    >> File/folder deleted: C:\WINDOWS\system32\cmdvrt32.dll
10:6:55 Working.cpp:215    >> File/folder deleted: C:\WINDOWS\system32\cmdcsr.dll
10:6:55 Working.cpp:215    >> File/folder deleted: C:\WINDOWS\system32\cmdkbd32.dll
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam\CIS') as symlink, error 2
10:6:55 Dialog.cpp:293    >> OUT:: 5 of 5 files removed
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam') as symlink, error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Options') as symlink, error 2
10:6:55 Dialog.cpp:293    >> OUT:: Removing symlinks...
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Data') as symlink, error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Configurations') as symlink, error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro') as symlink, error 2
10:6:55 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet006), error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam\CIS') as symlink, error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam') as symlink, error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Options') as symlink, error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Data') as symlink, error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Configurations') as symlink, error 2
10:6:55 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro') as symlink, error 2
10:6:55 Dialog.cpp:293    >> OUT:: Symlinks removed
10:6:55 Dialog.cpp:293    >> OUT:: Removing MSI components...
10:6:55 Working.cpp:1296    >> Removing {FD8E178D-8B4E-42DA-B434-EFF270329B1C} ({FD8E178D-8B4E-42DA-B434-EFF270329B1C})...
10:6:55 Working.cpp:1312    >> Starting zap: "C:\Documents and Settings\Philip\Local Settings\Temp\cis4.tmp" TWA! {FD8E178D-8B4E-42DA-B434-EFF270329B1C}
10:7:1 Working.cpp:1312    >> Starting zap: "C:\Documents and Settings\Philip\Local Settings\Temp\cis4.tmp" TW! {FD8E178D-8B4E-42DA-B434-EFF270329B1C}
10:7:3 Dialog.cpp:293    >> OUT:: Removing registry hives...
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisAgent), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisAgent.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (cmdavcen.InfectedFile), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (cmdavcen.InfectedFile.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (cmdavcen.Infection), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (cmdavcen.Infection.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CavShell.CntMenu), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CavShell.CntMenu.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisAgent), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.CisAgent.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl.1), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector), error 2
10:7:3 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector.1), error 2
10:7:3 RegTools.cpp:422    >> Can't open key (cmdstat.UsageStatisticSimpleSender), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdstat.UsageStatisticSimpleSender) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdstat.UsageStatisticSimpleSender removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdstat.UsageStatisticSimpleSender.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdstat.UsageStatisticSimpleSender.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdstat.UsageStatisticSimpleSender.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdstat.SvcUsageStatistic), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdstat.SvcUsageStatistic) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdstat.SvcUsageStatistic removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdstat.SvcUsageStatistic.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdstat.SvcUsageStatistic.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdstat.SvcUsageStatistic.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdstat.SvcSystemStatistic), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdstat.SvcSystemStatistic) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdstat.SvcSystemStatistic removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdstat.SvcSystemStatistic.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdstat.SvcSystemStatistic.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdstat.SvcSystemStatistic.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdstat.SvcCisPerfMon), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdstat.SvcCisPerfMon) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdstat.SvcCisPerfMon removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdstat.SvcCisPerfMon.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdstat.SvcCisPerfMon.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdstat.SvcCisPerfMon.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdscope.ViruscopeEnvironmentHelper), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdscope.ViruscopeEnvironmentHelper) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdscope.ViruscopeEnvironmentHelper removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdscope.ViruscopeEnvironmentHelper.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdscope.ViruscopeEnvironmentHelper.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdscope.ViruscopeEnvironmentHelper.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdscope.ViruscopeFacadeControl), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdscope.ViruscopeFacadeControl) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdscope.ViruscopeFacadeControl removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdscope.ViruscopeFacadeControl.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdscope.ViruscopeFacadeControl.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdscope.ViruscopeFacadeControl.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertFw), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertFw) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertFw removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertFw.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertFw.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertFw.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertExec), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertExec) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertExec removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertExec.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertExec.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertExec.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertDf), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertDf) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertDf removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertDf.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertDf.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertDf.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertBo), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertBo) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertBo removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertBo.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertBo.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertBo.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertAv), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertAv) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertAv removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordAlertAv.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordAlertAv.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordAlertAv.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdtrust.SvcTrustCenter), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdtrust.SvcTrustCenter) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdtrust.SvcTrustCenter removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdtrust.SvcTrustCenter.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdtrust.SvcTrustCenter.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdtrust.SvcTrustCenter.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdupd.CisUpdater), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdupd.CisUpdater) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdupd.CisUpdater removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdupd.CisUpdater.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdupd.CisUpdater.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdupd.CisUpdater.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdurlflt.SvcUrlFiltering), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdurlflt.SvcUrlFiltering) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdurlflt.SvcUrlFiltering removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdurlflt.SvcUrlFiltering.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdurlflt.SvcUrlFiltering.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdurlflt.SvcUrlFiltering.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogReportRecord), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogReportRecord) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogReportRecord removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogReportRecord.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogReportRecord.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogReportRecord.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordConfigChange), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordConfigChange) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordConfigChange removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordConfigChange.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordConfigChange.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordConfigChange.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordEventAv), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordEventAv) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordEventAv removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordEventAv.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordEventAv.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordEventAv.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordEventDf), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordEventDf) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordEventDf removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordEventDf.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordEventDf.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordEventDf.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordEventFw), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordEventFw) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordEventFw removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordEventFw.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordEventFw.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordEventFw.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordJobAvScan), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordJobAvScan) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordJobAvScan removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordJobAvScan.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordJobAvScan.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordJobAvScan.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordJobAvUpdate), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordJobAvUpdate) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordJobAvUpdate removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogRecordJobAvUpdate.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogRecordJobAvUpdate.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogRecordJobAvUpdate.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogs), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogs) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogs removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdlogs.SvcLogs.1), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdlogs.SvcLogs.1) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdlogs.SvcLogs.1 removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdcmc.SvcCmc), error 0
10:7:3 RegTools.cpp:433    >> Key (cmdcmc.SvcCmc) deleted
10:7:3 Working.cpp:265    >> Key 2147483648\cmdcmc.SvcCmc removed
10:7:3 RegTools.cpp:422    >> Can't open key (cmdcmc.SvcCmc.1), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdcmc.SvcCmc.1) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdcmc.SvcCmc.1 removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdcloud.SvcFls), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdcloud.SvcFls) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdcloud.SvcFls removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdcloud.SvcFls.1), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdcloud.SvcFls.1) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdcloud.SvcFls.1 removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdcloud.SvcSubmit), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdcloud.SvcSubmit) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdcloud.SvcSubmit removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdcloud.SvcSubmit.1), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdcloud.SvcSubmit.1) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdcloud.SvcSubmit.1 removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdcfg.SvcConfiguration), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdcfg.SvcConfiguration) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdcfg.SvcConfiguration removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdcfg.SvcConfiguration.1), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdcfg.SvcConfiguration.1) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdcfg.SvcConfiguration.1 removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdboost.SvcBooster), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdboost.SvcBooster) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdboost.SvcBooster removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdboost.SvcBooster.1), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdboost.SvcBooster.1) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdboost.SvcBooster.1 removed
10:7:4 RegTools.cpp:43    >> Can't open key (cmdavcen.InfectedFile), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (cmdavcen.InfectedFile.1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (cmdavcen.Infection), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (cmdavcen.Infection.1), error 2
10:7:4 RegTools.cpp:422    >> Can't open key (cmdavcen.SvcAvCenter), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdavcen.SvcAvCenter) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdavcen.SvcAvCenter removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdavcen.SvcAvCenter.1), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdavcen.SvcAvCenter.1) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdavcen.SvcAvCenter.1 removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdaruns.AutorunEnumerator), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdaruns.AutorunEnumerator) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdaruns.AutorunEnumerator removed
10:7:4 RegTools.cpp:422    >> Can't open key (cmdaruns.AutorunEnumerator.1), error 0
10:7:4 RegTools.cpp:433    >> Key (cmdaruns.AutorunEnumerator.1) deleted
10:7:4 Working.cpp:265    >> Key 2147483648\cmdaruns.AutorunEnumerator.1 removed
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvBoostHelper), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvBoostHelper.1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvDllHost), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvDllHost.1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvMerger), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvMerger.1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvMonitor), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvMonitor.1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvScanner), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvScanner.1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvSigChecker), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavWp.AvSigChecker.1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavShell.CntMenu), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (CavShell.CntMenu.1), error 2
10:7:4 Dialog.cpp:293    >> OUT:: 58 of 70 registry hives removed
10:7:4 RegTools.cpp:256    >> Can't read string (MsiProductCode), error 2
10:7:4 Dialog.cpp:293    >> OUT:: Removing registry hives...
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet006), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (AppID\{342A9490-7F70-4AE6-B553-9BA04288F8F6}), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\CFP), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI\1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\internet security), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\firewall), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\antivirus), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cis), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cfp), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\CFP), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\Firewall Pro), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\Shared Space), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\CAM), error 2
10:7:4 RegTools.cpp:422    >> Can't open key (SOFTWARE\COMODO\CIS), error 0
10:7:4 RegTools.cpp:433    >> Key (SOFTWARE\COMODO\CIS) deleted
10:7:4 Working.cpp:265    >> Key 2147483650\SOFTWARE\COMODO\CIS removed
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMODO Internet Security), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\COMODO Internet Security), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (System\VritualRoot), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\internet security), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\firewall), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\antivirus), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cis), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cfp), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI\1), error 2
10:7:4 RegTools.cpp:422    >> Can't open key (SYSTEM\ControlSet001\services\cmdagent), error 0
10:7:4 RegTools.cpp:433    >> Key (SYSTEM\ControlSet001\services\cmdagent) deleted
10:7:4 Working.cpp:265    >> Key 2147483650\SYSTEM\ControlSet001\services\cmdagent removed
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmderd), error 2
10:7:4 RegTools.cpp:422    >> Can't open key (SYSTEM\ControlSet001\services\cmdguard), error 0
10:7:4 RegTools.cpp:433    >> Key (SYSTEM\ControlSet001\services\cmdguard) deleted
10:7:4 Working.cpp:265    >> Key 2147483650\SYSTEM\ControlSet001\services\cmdguard removed
10:7:4 RegTools.cpp:422    >> Can't open key (SYSTEM\ControlSet001\services\cmdhlp), error 0
10:7:4 RegTools.cpp:433    >> Key (SYSTEM\ControlSet001\services\cmdhlp) deleted
10:7:4 Working.cpp:265    >> Key 2147483650\SYSTEM\ControlSet001\services\cmdhlp removed
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmdvirth), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmdinspect), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdagent), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmderd), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdguard), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdhlp), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdvirth), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdinspect), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdagent), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmderd), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdguard), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdhlp), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdvirth), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdinspect), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdagent), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmderd), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdguard), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdhlp), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdvirth), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdinspect), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (System\Software\Comodo), error 2
10:7:4 RegTools.cpp:422    >> Can't open key (System\Software), error 0
10:7:4 RegTools.cpp:433    >> Key (System\Software) deleted
10:7:4 Working.cpp:265    >> Key 2147483650\System\Software removed
10:7:4 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI), error 2
10:7:4 RegTools.cpp:496    >> Can't query value (COMODO Internet Security), error 2
10:7:4 RegTools.cpp:496    >> Can't query value (CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}), error 2
10:7:4 RegTools.cpp:496    >> Can't query value (Comodo Installer Cleanup), error 2
10:7:4 Dialog.cpp:293    >> OUT:: 5 of 5 registry hives removed
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00D3A38DC773DF54E9CC42F77C041A61), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\010AD84127D46CB43B4920CA0D1094D4), error 2
10:7:4 Dialog.cpp:293    >> OUT:: Removing MSI components...
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FC6C4540472B5D448BDBD6D77B5E1DE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\123C5119123EF66439FB479AD6275B9A), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14458549798657D44AC0570BEA27EA7E), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17962C9FE2A890140824564B9B200D43), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2315A4B072E3BDF4B8CE03971AB2770C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2481B72D9F6713549B081AE095A0C756), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\265D0406C87211546AB7717F49CE3AF3), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29A1D8D4B1639A14D9A0AC98939ECEB6), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D0E47FB821CB5E4092329E6484B2D34), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D91E472B92CF2A44ACD3B206E838DB7), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FC39BA3AE51AB54B8B98AA60A79BE3A), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FCBE66BE4B609A4BB31D90C51D2DE88), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35244D99ADF027A49A0BFD0424080BFC), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35B9D2F62AF55D54DAB59E313EC18C65), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3632B856B3F03AA478F4833A03AE1819), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B4D259ABBDA5914AB8489F199B3296C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C554669B15392140B16AB417DC306AE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DA5EB80EF523874587A99BF798C7489), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F613C8E5E9670648B17B9820B8888BA), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50C684E2267759049B952749C78A3EA1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\535D3891E31ED6D47A41825D1B47F51C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54B3A0A4441F0DC4897BC010BC9588BD), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\561D95FA9074C6C41AB0F76DA0BB211C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56E0AD3FD4182664BBBB4E9568B4A199), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5715C43995CE44C4E809E63C95024801), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59467F7B0FB297240A363A088E9A5EF0), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E8CA4DD3FB9D84499E8C8D248127FF9), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5ED6B148C52042A4EA0018DD02283C22), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\672118E19CE60C340A77B6B0166FA2C4), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689B8F9CBBEB9A0438843541B944B55F), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D08B2C0E87EA944A9E5C5EF9BA4B920), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\739EB50E4C67E3B4085751656AAE972C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7531C22B6CA47CE4C918EC69FD221664), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77BD9CD924A655C46BA0CE60072BF0D1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79973047FCFBA8346BAE074D5F856B50), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B04212B70E33AD47A63DC9D3B6616FB), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E8919EBB89BBDD459FC61F84965F676), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F178CB0464E3B64EBCBADA8658F6FD4), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83497A34FBD18D3449F9073D8B79B5CD), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AEBDFFED571CA444B16B9546DD8BC8D), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C2600A6E5247E14FA88C2467AB8A7B3), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A15D3B28005954EBE60F531B5F1561), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A70494EE0A89D9641B53FAE3075C223D), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AADEDF2229E177A469DCA25B3C03B8A5), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B10B82F2BAD253249AD70E9BE0D5DBB9), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B18912FD909383442954328A092358FE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929C9C03F4EEAE4A849CFCC46E9C7BD), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA9378171F29BAF4DAA757023155466C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0CED78355DA37D40A86405ED75BBA52), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4F871884E15F504F8A16FE80CAF24A7), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA3A70820FC1B4B4BAF952C0A386A971), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB09E82B23DC87642ADCB26DC506C1EA), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBCC66C8465BFEA43A018D24920C631F), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D66089F5909BB4C4A994F91E31F02A58), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7E865F066F56CF448D95733D9F89C16), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D832826EB62BAC5468921B6A1B4DF197), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA796644865F8DF46A9449234888F56F), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA998A67A404E354594522F69CF0B875), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB3A0A2A2DE53474BA79F7EB7A2A3C36), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC71F2FDD7E93D34E8C145F1316908D1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC9BDE08B14CD9D4593ADE877D13758D), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1A606CA9DC57EC4F8C341E3754A2CA9), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4F7D249C106C154D940169D5C67C7B0), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E789301EAB079BB43BC62D245EA92DA1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90072900939C124A87EDB0235B01A46), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3B56F0950EB6B440B022DABCD84BA93), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3E2DD9151A1AB84887C18EFDE227427), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4961E762D66B6642BBEFD5F61EE6250), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4ED6542ECA149346A18596EA220A7DF), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F604B15EF9DB69A47B50122F8E0254AE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F68A213CE806DF541AD0DA9D8C8CCC47), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8C8C380112E30147BA55E84F7491F40), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDF5671EE31DF7347A3B47C9EA89D6EE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00D3A38DC773DF54E9CC42F77C041A61), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\010AD84127D46CB43B4920CA0D1094D4), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FC6C4540472B5D448BDBD6D77B5E1DE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14458549798657D44AC0570BEA27EA7E), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17962C9FE2A890140824564B9B200D43), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2315A4B072E3BDF4B8CE03971AB2770C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2481B72D9F6713549B081AE095A0C756), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\265D0406C87211546AB7717F49CE3AF3), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29A1D8D4B1639A14D9A0AC98939ECEB6), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D0E47FB821CB5E4092329E6484B2D34), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D91E472B92CF2A44ACD3B206E838DB7), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FC39BA3AE51AB54B8B98AA60A79BE3A), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FCBE66BE4B609A4BB31D90C51D2DE88), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35244D99ADF027A49A0BFD0424080BFC), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35B9D2F62AF55D54DAB59E313EC18C65), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3632B856B3F03AA478F4833A03AE1819), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B4D259ABBDA5914AB8489F199B3296C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C554669B15392140B16AB417DC306AE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DA5EB80EF523874587A99BF798C7489), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F613C8E5E9670648B17B9820B8888BA), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50C684E2267759049B952749C78A3EA1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\535D3891E31ED6D47A41825D1B47F51C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54B3A0A4441F0DC4897BC010BC9588BD), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\561D95FA9074C6C41AB0F76DA0BB211C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56E0AD3FD4182664BBBB4E9568B4A199), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5715C43995CE44C4E809E63C95024801), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59467F7B0FB297240A363A088E9A5EF0), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E8CA4DD3FB9D84499E8C8D248127FF9), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5ED6B148C52042A4EA0018DD02283C22), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\672118E19CE60C340A77B6B0166FA2C4), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689B8F9CBBEB9A0438843541B944B55F), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D08B2C0E87EA944A9E5C5EF9BA4B920), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\739EB50E4C67E3B4085751656AAE972C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7531C22B6CA47CE4C918EC69FD221664), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77BD9CD924A655C46BA0CE60072BF0D1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79973047FCFBA8346BAE074D5F856B50), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B04212B70E33AD47A63DC9D3B6616FB), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E8919EBB89BBDD459FC61F84965F676), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F178CB0464E3B64EBCBADA8658F6FD4), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83497A34FBD18D3449F9073D8B79B5CD), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AEBDFFED571CA444B16B9546DD8BC8D), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C2600A6E5247E14FA88C2467AB8A7B3), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A15D3B28005954EBE60F531B5F1561), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A70494EE0A89D9641B53FAE3075C223D), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AADEDF2229E177A469DCA25B3C03B8A5), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B10B82F2BAD253249AD70E9BE0D5DBB9), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B18912FD909383442954328A092358FE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929C9C03F4EEAE4A849CFCC46E9C7BD), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA9378171F29BAF4DAA757023155466C), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0CED78355DA37D40A86405ED75BBA52), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4F871884E15F504F8A16FE80CAF24A7), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA3A70820FC1B4B4BAF952C0A386A971), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB09E82B23DC87642ADCB26DC506C1EA), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBCC66C8465BFEA43A018D24920C631F), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D66089F5909BB4C4A994F91E31F02A58), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7E865F066F56CF448D95733D9F89C16), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D832826EB62BAC5468921B6A1B4DF197), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA796644865F8DF46A9449234888F56F), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA998A67A404E354594522F69CF0B875), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB3A0A2A2DE53474BA79F7EB7A2A3C36), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC71F2FDD7E93D34E8C145F1316908D1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC9BDE08B14CD9D4593ADE877D13758D), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1A606CA9DC57EC4F8C341E3754A2CA9), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4F7D249C106C154D940169D5C67C7B0), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E789301EAB079BB43BC62D245EA92DA1), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90072900939C124A87EDB0235B01A46), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3B56F0950EB6B440B022DABCD84BA93), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3E2DD9151A1AB84887C18EFDE227427), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4961E762D66B6642BBEFD5F61EE6250), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F604B15EF9DB69A47B50122F8E0254AE), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F68A213CE806DF541AD0DA9D8C8CCC47), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8C8C380112E30147BA55E84F7491F40), error 2
10:7:4 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDF5671EE31DF7347A3B47C9EA89D6EE), error 2
10:7:4 Dialog.cpp:293    >> OUT:: Removing scheduled tasks...
10:7:5 Working.cpp:1818    >> ITask::GetApplicationName for task (Avast Emergency Update.job) returned: C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
10:7:5 Working.cpp:1818    >> ITask::GetApplicationName for task (MP Scheduled Scan.job) returned: C:\Program Files\Windows Defender\MpCmdRun.exe
10:7:5 Dialog.cpp:293    >> OUT:: Removing Security Center entries...
10:7:6 Working.cpp:1913    >> IWbemServices::GetObject(FirewallProduct.instanceGuid="{043803A3-4F86-4ef6-AFC5-F6E02A79969B}") failed: 0x80041002
10:7:6 Working.cpp:1929    >> IWbemServices::DeleteInstance(FirewallProduct.instanceGuid="{043803A3-4F86-4ef6-AFC5-F6E02A79969B}") failed: 0x80041002
10:7:6 Working.cpp:1913    >> IWbemServices::GetObject(AntiSpywareProduct.instanceGuid="{043803A4-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041010
10:7:6 Dialog.cpp:326    >> OUT:: Cannot connect to Windows Security Center. Error 0x80041010:
10:7:6 Dialog.cpp:293    >> OUT:: Cannot connect to Windows Security Center. Error 0x80041010:
10:7:6 Working.cpp:1929    >> IWbemServices::DeleteInstance(AntiSpywareProduct.instanceGuid="{043803A4-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041010
10:7:6 Dialog.cpp:326    >> OUT:: Cannot remove 'AntiSpywareProduct' entry from Security Center. Error 0x80041010
10:7:6 Dialog.cpp:293    >> OUT:: Cannot remove 'AntiSpywareProduct' entry from Security Center. Error 0x80041010
10:7:6 Working.cpp:1913    >> IWbemServices::GetObject(AntiVirusProduct.instanceGuid="{043803A5-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041002
10:7:6 Working.cpp:1929    >> IWbemServices::DeleteInstance(AntiVirusProduct.instanceGuid="{043803A5-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041002
10:7:6 Dialog.cpp:293    >> OUT:: Press "Restart" to restart the computer.
10:7:6 Dialog.cpp:212    >> CIS removed: 1
10:7:16 RestorePoint.cpp:97    >> Restore point creation result: ok(1), status(0), winerror(1008), seqnum in(1707), seqnum out(1707), is RP service disabled(0)


10:9:43 Dialog.cpp:293    >> OUT:: Press "Continue" button to finalize uninstallation
10:9:46 Dialog.cpp:293    >> OUT:: Removing shortcuts...
10:9:46 Dialog.cpp:293    >> OUT:: Removing installed services...
10:9:46 Dialog.cpp:293    >> OUT:: Removing installed driver(s)...
10:9:46 Working.cpp:957    >> Operation guard: C:\WINDOWS\guard32.dll
10:9:46 Working.cpp:958    >> Operation key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
10:9:46 Dialog.cpp:293    >> OUT:: Removing registry hives...
10:9:46 Working.cpp:957    >> Operation guard: guard32.dll
10:9:46 Working.cpp:958    >> Operation key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
10:9:46 Dialog.cpp:293    >> OUT:: Removing installed files...
10:9:46 Dialog.cpp:293    >> OUT:: Removing symlinks...
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam\CIS') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Options') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Data') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Configurations') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro') as symlink, error 2
10:9:46 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet006), error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam\CIS') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Cam') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Options') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Data') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro\Configurations') as symlink, error 2
10:9:46 Working.cpp:883    >> Can't open key ('SYSTEM\Software\COMODO\Firewall Pro') as symlink, error 2
10:9:46 Dialog.cpp:293    >> OUT:: Symlinks removed
10:9:46 Dialog.cpp:293    >> OUT:: Removing MSI components...
10:9:47 Working.cpp:1296    >> Removing  ()...
10:9:47 Working.cpp:1312    >> Starting zap: "C:\Documents and Settings\Philip\Local Settings\Temp\cis1.tmp" TWA!
10:9:47 Working.cpp:1312    >> Starting zap: "C:\Documents and Settings\Philip\Local Settings\Temp\cis1.tmp" TW!
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration), error 2
10:9:47 Dialog.cpp:293    >> OUT:: Removing registry hives...
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisAgent), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisAgent.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.UsageStatisticSimpleSender), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.UsageStatisticSimpleSender.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcUsageStatistic), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcUsageStatistic.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcSystemStatistic), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcSystemStatistic.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcCisPerfMon), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcCisPerfMon.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdscope.ViruscopeEnvironmentHelper), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdscope.ViruscopeEnvironmentHelper.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdscope.ViruscopeFacadeControl), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdscope.ViruscopeFacadeControl.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertFw), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertFw.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertExec), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertExec.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertDf), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertDf.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertBo), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertBo.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertAv), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertAv.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdtrust.SvcTrustCenter), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdtrust.SvcTrustCenter.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdupd.CisUpdater), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdupd.CisUpdater.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdurlflt.SvcUrlFiltering), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdurlflt.SvcUrlFiltering.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogReportRecord), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogReportRecord.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordConfigChange), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordConfigChange.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventAv), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventAv.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventDf), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventDf.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventFw), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventFw.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordJobAvScan), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordJobAvScan.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordJobAvUpdate), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordJobAvUpdate.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogs), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogs.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcmc.SvcCmc), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcmc.SvcCmc.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcloud.SvcFls), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcloud.SvcFls.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcloud.SvcSubmit), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcloud.SvcSubmit.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcfg.SvcConfiguration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcfg.SvcConfiguration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdboost.SvcBooster), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdboost.SvcBooster.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.InfectedFile), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.InfectedFile.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.Infection), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.Infection.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.SvcAvCenter), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.SvcAvCenter.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdaruns.AutorunEnumerator), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdaruns.AutorunEnumerator.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvBoostHelper), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvBoostHelper.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvDllHost), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvDllHost.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvMerger), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvMerger.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvMonitor), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvMonitor.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvScanner), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvScanner.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvSigChecker), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvSigChecker.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavShell.CntMenu), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavShell.CntMenu.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisUrlFltIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisLpsIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisRmControl.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisDebugInjector.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisCWatchIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CISSVC.CisGate.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisCceIntegration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisWmiProvider.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisAgent), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.CisAgent.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CIS.ViruscopeFacadeControl.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Recognizer.HeurWindowsInfector.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.UsageStatisticSimpleSender), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.UsageStatisticSimpleSender.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcUsageStatistic), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcUsageStatistic.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcSystemStatistic), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcSystemStatistic.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcCisPerfMon), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdstat.SvcCisPerfMon.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdscope.ViruscopeEnvironmentHelper), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdscope.ViruscopeEnvironmentHelper.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdscope.ViruscopeFacadeControl), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdscope.ViruscopeFacadeControl.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertFw), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertFw.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertExec), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertExec.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertDf), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertDf.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertBo), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertBo.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertAv), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordAlertAv.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdtrust.SvcTrustCenter), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdtrust.SvcTrustCenter.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdupd.CisUpdater), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdupd.CisUpdater.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdurlflt.SvcUrlFiltering), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdurlflt.SvcUrlFiltering.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogReportRecord), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogReportRecord.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordConfigChange), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordConfigChange.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventAv), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventAv.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventDf), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventDf.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventFw), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordEventFw.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordJobAvScan), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordJobAvScan.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordJobAvUpdate), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogRecordJobAvUpdate.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogs), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdlogs.SvcLogs.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcmc.SvcCmc), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcmc.SvcCmc.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcloud.SvcFls), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcloud.SvcFls.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcloud.SvcSubmit), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcloud.SvcSubmit.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcfg.SvcConfiguration), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdcfg.SvcConfiguration.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdboost.SvcBooster), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdboost.SvcBooster.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.InfectedFile), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.InfectedFile.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.Infection), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.Infection.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.SvcAvCenter), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdavcen.SvcAvCenter.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdaruns.AutorunEnumerator), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (cmdaruns.AutorunEnumerator.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvBoostHelper), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvBoostHelper.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvDllHost), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvDllHost.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvMerger), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvMerger.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvMonitor), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvMonitor.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvScanner), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvScanner.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvSigChecker), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavWp.AvSigChecker.1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavShell.CntMenu), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (CavShell.CntMenu.1), error 2
10:9:47 Dialog.cpp:293    >> OUT:: Removing registry hives...
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\COMODO\CIS\Installer), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet006), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (AppID\{342A9490-7F70-4AE6-B553-9BA04288F8F6}), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\CFP), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI\1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\internet security), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\firewall), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\antivirus), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cis), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cfp), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\CFP), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\Firewall Pro), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\Shared Space), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\Software\COMODO\CAM), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\COMODO\CIS), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMODO Internet Security), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\COMODO Internet Security), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (System\VritualRoot), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\internet security), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\firewall), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\antivirus), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cis), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\cfp), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI\1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmdagent), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmderd), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmdguard), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmdhlp), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmdvirth), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet001\services\cmdinspect), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdagent), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmderd), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdguard), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdhlp), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdvirth), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet002\services\cmdinspect), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdagent), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmderd), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdguard), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdhlp), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdvirth), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet004\services\cmdinspect), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdagent), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmderd), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdguard), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdhlp), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdvirth), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SYSTEM\ControlSet005\services\cmdinspect), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (System\Software\Comodo), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (System\Software), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (Software\ComodoGroup\CDI), error 2
10:9:47 RegTools.cpp:496    >> Can't query value (COMODO Internet Security), error 2
10:9:47 RegTools.cpp:496    >> Can't query value (CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}), error 2
10:9:47 RegTools.cpp:496    >> Can't query value (Comodo Installer Cleanup), error 2
10:9:47 Dialog.cpp:293    >> OUT:: Removing MSI components...
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00D3A38DC773DF54E9CC42F77C041A61), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\010AD84127D46CB43B4920CA0D1094D4), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FC6C4540472B5D448BDBD6D77B5E1DE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\123C5119123EF66439FB479AD6275B9A), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14458549798657D44AC0570BEA27EA7E), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17962C9FE2A890140824564B9B200D43), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2315A4B072E3BDF4B8CE03971AB2770C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2481B72D9F6713549B081AE095A0C756), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\265D0406C87211546AB7717F49CE3AF3), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29A1D8D4B1639A14D9A0AC98939ECEB6), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D0E47FB821CB5E4092329E6484B2D34), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D91E472B92CF2A44ACD3B206E838DB7), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FC39BA3AE51AB54B8B98AA60A79BE3A), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FCBE66BE4B609A4BB31D90C51D2DE88), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35244D99ADF027A49A0BFD0424080BFC), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35B9D2F62AF55D54DAB59E313EC18C65), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3632B856B3F03AA478F4833A03AE1819), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B4D259ABBDA5914AB8489F199B3296C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C554669B15392140B16AB417DC306AE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DA5EB80EF523874587A99BF798C7489), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F613C8E5E9670648B17B9820B8888BA), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50C684E2267759049B952749C78A3EA1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\535D3891E31ED6D47A41825D1B47F51C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54B3A0A4441F0DC4897BC010BC9588BD), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\561D95FA9074C6C41AB0F76DA0BB211C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56E0AD3FD4182664BBBB4E9568B4A199), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5715C43995CE44C4E809E63C95024801), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59467F7B0FB297240A363A088E9A5EF0), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E8CA4DD3FB9D84499E8C8D248127FF9), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5ED6B148C52042A4EA0018DD02283C22), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\672118E19CE60C340A77B6B0166FA2C4), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689B8F9CBBEB9A0438843541B944B55F), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D08B2C0E87EA944A9E5C5EF9BA4B920), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\739EB50E4C67E3B4085751656AAE972C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7531C22B6CA47CE4C918EC69FD221664), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77BD9CD924A655C46BA0CE60072BF0D1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79973047FCFBA8346BAE074D5F856B50), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B04212B70E33AD47A63DC9D3B6616FB), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E8919EBB89BBDD459FC61F84965F676), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F178CB0464E3B64EBCBADA8658F6FD4), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83497A34FBD18D3449F9073D8B79B5CD), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AEBDFFED571CA444B16B9546DD8BC8D), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C2600A6E5247E14FA88C2467AB8A7B3), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A15D3B28005954EBE60F531B5F1561), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A70494EE0A89D9641B53FAE3075C223D), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AADEDF2229E177A469DCA25B3C03B8A5), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B10B82F2BAD253249AD70E9BE0D5DBB9), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B18912FD909383442954328A092358FE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929C9C03F4EEAE4A849CFCC46E9C7BD), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA9378171F29BAF4DAA757023155466C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0CED78355DA37D40A86405ED75BBA52), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4F871884E15F504F8A16FE80CAF24A7), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA3A70820FC1B4B4BAF952C0A386A971), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB09E82B23DC87642ADCB26DC506C1EA), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBCC66C8465BFEA43A018D24920C631F), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D66089F5909BB4C4A994F91E31F02A58), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7E865F066F56CF448D95733D9F89C16), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D832826EB62BAC5468921B6A1B4DF197), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA796644865F8DF46A9449234888F56F), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA998A67A404E354594522F69CF0B875), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB3A0A2A2DE53474BA79F7EB7A2A3C36), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC71F2FDD7E93D34E8C145F1316908D1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC9BDE08B14CD9D4593ADE877D13758D), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1A606CA9DC57EC4F8C341E3754A2CA9), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4F7D249C106C154D940169D5C67C7B0), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E789301EAB079BB43BC62D245EA92DA1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90072900939C124A87EDB0235B01A46), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3B56F0950EB6B440B022DABCD84BA93), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3E2DD9151A1AB84887C18EFDE227427), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4961E762D66B6642BBEFD5F61EE6250), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4ED6542ECA149346A18596EA220A7DF), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F604B15EF9DB69A47B50122F8E0254AE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F68A213CE806DF541AD0DA9D8C8CCC47), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8C8C380112E30147BA55E84F7491F40), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDF5671EE31DF7347A3B47C9EA89D6EE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00D3A38DC773DF54E9CC42F77C041A61), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\010AD84127D46CB43B4920CA0D1094D4), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FC6C4540472B5D448BDBD6D77B5E1DE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14458549798657D44AC0570BEA27EA7E), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17962C9FE2A890140824564B9B200D43), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2315A4B072E3BDF4B8CE03971AB2770C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2481B72D9F6713549B081AE095A0C756), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\265D0406C87211546AB7717F49CE3AF3), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29A1D8D4B1639A14D9A0AC98939ECEB6), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D0E47FB821CB5E4092329E6484B2D34), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D91E472B92CF2A44ACD3B206E838DB7), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FC39BA3AE51AB54B8B98AA60A79BE3A), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FCBE66BE4B609A4BB31D90C51D2DE88), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35244D99ADF027A49A0BFD0424080BFC), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35B9D2F62AF55D54DAB59E313EC18C65), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3632B856B3F03AA478F4833A03AE1819), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B4D259ABBDA5914AB8489F199B3296C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C554669B15392140B16AB417DC306AE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DA5EB80EF523874587A99BF798C7489), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F613C8E5E9670648B17B9820B8888BA), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50C684E2267759049B952749C78A3EA1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\535D3891E31ED6D47A41825D1B47F51C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54B3A0A4441F0DC4897BC010BC9588BD), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\561D95FA9074C6C41AB0F76DA0BB211C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56E0AD3FD4182664BBBB4E9568B4A199), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5715C43995CE44C4E809E63C95024801), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59467F7B0FB297240A363A088E9A5EF0), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E8CA4DD3FB9D84499E8C8D248127FF9), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5ED6B148C52042A4EA0018DD02283C22), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\672118E19CE60C340A77B6B0166FA2C4), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689B8F9CBBEB9A0438843541B944B55F), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D08B2C0E87EA944A9E5C5EF9BA4B920), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\739EB50E4C67E3B4085751656AAE972C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7531C22B6CA47CE4C918EC69FD221664), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77BD9CD924A655C46BA0CE60072BF0D1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79973047FCFBA8346BAE074D5F856B50), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B04212B70E33AD47A63DC9D3B6616FB), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E8919EBB89BBDD459FC61F84965F676), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F178CB0464E3B64EBCBADA8658F6FD4), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83497A34FBD18D3449F9073D8B79B5CD), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AEBDFFED571CA444B16B9546DD8BC8D), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C2600A6E5247E14FA88C2467AB8A7B3), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A15D3B28005954EBE60F531B5F1561), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A70494EE0A89D9641B53FAE3075C223D), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AADEDF2229E177A469DCA25B3C03B8A5), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B10B82F2BAD253249AD70E9BE0D5DBB9), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B18912FD909383442954328A092358FE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929C9C03F4EEAE4A849CFCC46E9C7BD), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA9378171F29BAF4DAA757023155466C), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0CED78355DA37D40A86405ED75BBA52), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4F871884E15F504F8A16FE80CAF24A7), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA3A70820FC1B4B4BAF952C0A386A971), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB09E82B23DC87642ADCB26DC506C1EA), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBCC66C8465BFEA43A018D24920C631F), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D66089F5909BB4C4A994F91E31F02A58), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7E865F066F56CF448D95733D9F89C16), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D832826EB62BAC5468921B6A1B4DF197), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA796644865F8DF46A9449234888F56F), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA998A67A404E354594522F69CF0B875), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB3A0A2A2DE53474BA79F7EB7A2A3C36), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC71F2FDD7E93D34E8C145F1316908D1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC9BDE08B14CD9D4593ADE877D13758D), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1A606CA9DC57EC4F8C341E3754A2CA9), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4F7D249C106C154D940169D5C67C7B0), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E789301EAB079BB43BC62D245EA92DA1), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90072900939C124A87EDB0235B01A46), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3B56F0950EB6B440B022DABCD84BA93), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3E2DD9151A1AB84887C18EFDE227427), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4961E762D66B6642BBEFD5F61EE6250), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F604B15EF9DB69A47B50122F8E0254AE), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F68A213CE806DF541AD0DA9D8C8CCC47), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8C8C380112E30147BA55E84F7491F40), error 2
10:9:47 RegTools.cpp:43    >> Can't open key (SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDF5671EE31DF7347A3B47C9EA89D6EE), error 2
10:9:47 Dialog.cpp:293    >> OUT:: Removing scheduled tasks...
10:9:47 Working.cpp:1818    >> ITask::GetApplicationName for task (Avast Emergency Update.job) returned: C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
10:9:47 Working.cpp:1818    >> ITask::GetApplicationName for task (MP Scheduled Scan.job) returned: C:\Program Files\Windows Defender\MpCmdRun.exe
10:9:47 Dialog.cpp:293    >> OUT:: Removing Security Center entries...
10:9:47 Working.cpp:1913    >> IWbemServices::GetObject(FirewallProduct.instanceGuid="{043803A3-4F86-4ef6-AFC5-F6E02A79969B}") failed: 0x80041002
10:9:47 Working.cpp:1929    >> IWbemServices::DeleteInstance(FirewallProduct.instanceGuid="{043803A3-4F86-4ef6-AFC5-F6E02A79969B}") failed: 0x80041002
10:9:47 Working.cpp:1913    >> IWbemServices::GetObject(AntiSpywareProduct.instanceGuid="{043803A4-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041010
10:9:47 Dialog.cpp:326    >> OUT:: Cannot connect to Windows Security Center. Error 0x80041010:
10:9:47 Dialog.cpp:293    >> OUT:: Cannot connect to Windows Security Center. Error 0x80041010:
10:9:47 Working.cpp:1929    >> IWbemServices::DeleteInstance(AntiSpywareProduct.instanceGuid="{043803A4-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041010
10:9:47 Dialog.cpp:326    >> OUT:: Cannot remove 'AntiSpywareProduct' entry from Security Center. Error 0x80041010
10:9:47 Dialog.cpp:293    >> OUT:: Cannot remove 'AntiSpywareProduct' entry from Security Center. Error 0x80041010
10:9:47 Working.cpp:1913    >> IWbemServices::GetObject(AntiVirusProduct.instanceGuid="{043803A5-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041002
10:9:47 Working.cpp:1929    >> IWbemServices::DeleteInstance(AntiVirusProduct.instanceGuid="{043803A5-4F86-4ef7-AFC5-F6E02A79969B}") failed: 0x80041002
10:9:47 Dialog.cpp:293    >> OUT:: Press "Restart" to restart the computer.
10:9:47 Dialog.cpp:212    >> CIS removed: 1


10:11:47 Dialog.cpp:293    >> OUT:: Uninstallation is completed. If you still think Comodo product is installed and this application didn't help, please report in Comodo forums.
 

...and here is the combofix log. at one point it told me that there was no internet connection, but I had only just downloaded Combofix and the task bar icon showed a good connection.

 

ComboFix 18-02-16.01 - Philip 13/03/2018  10:34:51.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1014.38 [GMT 1:00]
Running from: c:\documents and settings\Philip\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\EventSystem.log
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\1028_DELL_XPS_MM061                           .MRK
c:\windows\system32\drivers\DELL_XPS_MM061                           .MRK
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\SET14A.tmp
c:\windows\system32\drivers\SET5C.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETDA.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2018-02-13 to 2018-03-13  )))))))))))))))))))))))))))))))
.
.
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Philip\Application Data\Intel
2018-03-12 10:13 . 2010-10-07 03:11    6609920    -c--a-w-    c:\windows\system32\drivers\NETwLx32.sys
2018-03-12 10:13 . 2010-02-24 15:39    675840    -c--a-w-    c:\windows\system32\NETwLc32.dll
2018-03-12 10:13 . 2010-02-24 15:37    2756608    -c--a-w-    c:\windows\system32\NETwLr32.dll
2018-03-12 10:12 . 2018-03-12 10:12    --------    dc----w-    c:\program files\Common Files\Intel
2018-03-12 06:41 . 2007-05-10 09:22    405504    -c--a-w-    c:\windows\stsystra.exe
2018-03-12 06:40 . 2007-08-21 08:58    146944    -c--a-w-    c:\windows\system32\st325602.dll
2018-03-12 06:39 . 2018-03-12 06:39    --------    dc----w-    c:\program files\Sigmatel
2018-03-12 06:39 . 2007-04-10 16:02    1601536    -c--a-w-    c:\windows\system32\stlang.dll
2018-03-12 06:39 . 2007-05-10 09:23    4952064    -c--a-w-    c:\windows\system32\stacgui.cpl
2018-03-11 19:16 . 2018-03-11 19:16    --------    d-----w-    c:\documents and settings\Philip\Application Data\LHService
2018-03-10 18:10 . 2018-03-10 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Package Cache
2018-03-07 11:45 . 2018-03-07 11:45    319392    -c--a-w-    c:\windows\system32\aswBoot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-28 18:43 . 2017-11-27 14:04    221112    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2018-01-14 19:51 . 2017-11-27 14:03    59896    -c--a-w-    c:\windows\system32\drivers\mbae.sys
2000-03-13 23:00 . 2006-07-22 03:46    249856    -c--a-w-    c:\program files\SETUP1.EXE
2017-02-18 20:15    1034688    -cshatr-    c:\windows\system32\ActionCenterForms.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-07 11:45    1370328    -c--a-w-    c:\program files\avast software\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-07 245608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2017-01-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [07/03/2018 12:46 157368]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [07/03/2018 12:46 276688]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [07/03/2018 12:46 50336]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [07/03/2018 12:46 70816]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [07/03/2018 12:46 310784]
R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [07/01/2010 19:42 69216]
R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [07/01/2010 19:42 120960]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/02/2009 17:08 64160]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [27/11/2017 15:04 221112]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [07/03/2018 12:46 167040]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [07/03/2018 12:46 185432]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [07/03/2018 12:46 169536]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/03/2018 12:46 783608]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/03/2018 12:46 391856]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [25/12/2014 18:18 36112]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [07/03/2018 12:46 124392]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [27/11/2017 15:03 4563920]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [23/12/2016 16:02 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [23/12/2016 16:02 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 17:19 13592]
R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [07/03/2018 12:46 205344]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/03/2018 11:13 6609920]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [23/12/2016 16:02 116736]
S0 degkgkf;degkgkf; [x]
S2 gupdate1c996655bba3304;Google Update Service (gupdate1c996655bba3304);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2014 15:24 153752]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\avast software\avast\aswidsagent.exe [07/03/2018 12:44 5909888]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [07/03/2018 12:46 42808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 10:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-03-13 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-07 11:45]
.
2018-03-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-03-13 10:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\SecuROM\License information*]
"datasecu"=hex:af,48,2f,1a,b2,dd,5a,a0,b3,bc,93,8e,bc,7a,60,48,1e,36,0e,51,a1,
   c7,e1,aa,1c,20,af,d3,0c,b7,37,35,f0,d3,81,d4,03,5b,48,1f,98,3c,22,e4,dd,c4,\
"rkeysecu"=hex:e0,ca,e0,90,56,6f,16,be,a1,59,3a,ea,92,60,d5,4a
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2018-03-13  10:55:10
ComboFix-quarantined-files.txt  2018-03-13 09:55
.
Pre-Run: 29,641,154,560 bytes free
Post-Run: 29,845,336,064 bytes free
.
- - End Of File - - 330225A1938B380D1B330EDDEB7A9A1D
DEA9E81F0228B68C9ADAF84C9B0CF931
 

 

...over to you.


  • 0

#81
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,463 posts
  • MVP

McAfee's tool worked.  Comodo's tool talks a lot but didn't accomplish much. We are still showing 3 Comodo drivers from their firewall.

 

R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [07/01/2010 19:42 69216]
R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [07/01/2010 19:42 120960]

R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [25/12/2014 18:18 36112]

plus

one from AdAware:
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/02/2009 17:08 64160]

 

and a random named thing that looks like deadwood.  Normally Combofix will remove deadwood for us without us asking and for some reason it didn't.

 

Let's see if we can at least remove the deadwood

 

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************



Driver::
degkgkf
 

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

 

If you put

services.msc

in a run or search box and hit Enter it should find the services window.  Scroll down and find

Google Update Service (or similar name) and right click.  Change Startup Type: to Disabled.  OK.

 

 


  • 0

#82
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

here is the new combofix log:

 

ComboFix 18-02-16.01 - Philip 13/03/2018  15:54:42.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1014.208 [GMT 1:00]
Running from: c:\documents and settings\Philip\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Philip\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_degkgkf
.
.
(((((((((((((((((((((((((   Files Created from 2018-02-13 to 2018-03-13  )))))))))))))))))))))))))))))))
.
.
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Philip\Application Data\Intel
2018-03-12 10:13 . 2010-10-07 03:11    6609920    -c--a-w-    c:\windows\system32\drivers\NETwLx32.sys
2018-03-12 10:13 . 2010-02-24 15:39    675840    -c--a-w-    c:\windows\system32\NETwLc32.dll
2018-03-12 10:13 . 2010-02-24 15:37    2756608    -c--a-w-    c:\windows\system32\NETwLr32.dll
2018-03-12 10:12 . 2018-03-12 10:12    --------    dc----w-    c:\program files\Common Files\Intel
2018-03-12 06:41 . 2007-05-10 09:22    405504    -c--a-w-    c:\windows\stsystra.exe
2018-03-12 06:40 . 2007-08-21 08:58    146944    -c--a-w-    c:\windows\system32\st325602.dll
2018-03-12 06:39 . 2018-03-12 06:39    --------    dc----w-    c:\program files\Sigmatel
2018-03-12 06:39 . 2007-04-10 16:02    1601536    -c--a-w-    c:\windows\system32\stlang.dll
2018-03-12 06:39 . 2007-05-10 09:23    4952064    -c--a-w-    c:\windows\system32\stacgui.cpl
2018-03-11 19:16 . 2018-03-11 19:16    --------    d-----w-    c:\documents and settings\Philip\Application Data\LHService
2018-03-10 18:10 . 2018-03-10 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Package Cache
2018-03-07 11:45 . 2018-03-07 11:45    319392    -c--a-w-    c:\windows\system32\aswBoot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-28 18:43 . 2017-11-27 14:04    221112    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2018-01-14 19:51 . 2017-11-27 14:03    59896    -c--a-w-    c:\windows\system32\drivers\mbae.sys
2000-03-13 23:00 . 2006-07-22 03:46    249856    -c--a-w-    c:\program files\SETUP1.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-07 11:45    1370328    -c--a-w-    c:\program files\avast software\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-07 245608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2017-01-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [07/03/2018 12:46 157368]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [07/03/2018 12:46 276688]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [07/03/2018 12:46 50336]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [07/03/2018 12:46 70816]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [07/03/2018 12:46 310784]
R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [07/01/2010 19:42 69216]
R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [07/01/2010 19:42 120960]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/02/2009 17:08 64160]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [27/11/2017 15:04 221112]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [07/03/2018 12:46 167040]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [07/03/2018 12:46 185432]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [07/03/2018 12:46 169536]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/03/2018 12:46 783608]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/03/2018 12:46 391856]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [25/12/2014 18:18 36112]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [07/03/2018 12:46 124392]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [27/11/2017 15:03 4563920]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [23/12/2016 16:02 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [23/12/2016 16:02 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 17:19 13592]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\avast software\avast\aswidsagent.exe [07/03/2018 12:44 5909888]
R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [07/03/2018 12:46 205344]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/03/2018 11:13 6609920]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [23/12/2016 16:02 116736]
S2 gupdate1c996655bba3304;Google Update Service (gupdate1c996655bba3304);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2014 15:24 153752]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [07/03/2018 12:46 42808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 10:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-03-13 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-07 11:45]
.
2018-03-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-03-13 16:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\SecuROM\License information*]
"datasecu"=hex:af,48,2f,1a,b2,dd,5a,a0,b3,bc,93,8e,bc,7a,60,48,1e,36,0e,51,a1,
   c7,e1,aa,1c,20,af,d3,0c,b7,37,35,f0,d3,81,d4,03,5b,48,1f,98,3c,22,e4,dd,c4,\
"rkeysecu"=hex:e0,ca,e0,90,56,6f,16,be,a1,59,3a,ea,92,60,d5,4a
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(876)
c:\windows\system32\WININET.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\UAService7.exe
c:\program files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2018-03-13  16:48:03 - machine was rebooted
ComboFix-quarantined-files.txt  2018-03-13 15:47
ComboFix2.txt  2018-03-13 09:55
.
Pre-Run: 29,860,028,416 bytes free
Post-Run: 29,756,686,336 bytes free
.
- - End Of File - - 6A67C6E471FAD9459017BEEFD5DE141E
DEA9E81F0228B68C9ADAF84C9B0CF931
 

There were 2 instances of Google update services; one automatic and the other manual. I have disabled both.

 

Thinking about the unknown device, I recall that when I did a Dell scan before you started working on this machine, that identified a hardware failure. I don't remember exactly what it was. Should I run the Dell scan again to se if it gives us a clue as to what the device might be?

 

Philip


  • 0

#83
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,463 posts
  • MVP

Sorry for the delay.  My Internet has been acting up so sometimes when I reply they don't go through. 

 

Looks like Combofix was able to remove the randomly name driver. 

 

Let's try it on the adaware driver:

 

same as before but put

 

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************



Driver::
Lbd
 

******************************************


  • 0

#84
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Welcome back Ron,

 

Here is the Combofix Log:

 

ComboFix 18-02-16.01 - Philip 24/03/2018  16:15:08.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1014.388 [GMT 1:00]
Running from: c:\documents and settings\Philip\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Philip\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
 * Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Service_Lbd
.
.
(((((((((((((((((((((((((   Files Created from 2018-02-24 to 2018-03-24  )))))))))))))))))))))))))))))))
.
.
2018-03-24 14:52 . 2018-03-24 14:52    19136    -c--a-w-    c:\program files\Mozilla Firefox\updated\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-24 14:49 . 2006-03-22 02:27    98304    -c--a-w-    c:\program files\Mozilla Firefox\updated\plugins\npzylomgamesplayer.dll
2018-03-24 14:49 . 2013-01-18 21:56    171584    -c--a-w-    c:\program files\Mozilla Firefox\updated\plugins\npPDFXCviewNPPlugin.dll
2018-03-24 14:49 . 2008-06-30 21:02    663072    -c--a-w-    c:\program files\Mozilla Firefox\updated\plugins\npOGAPlugin.dll
2018-03-24 14:49 . 2007-12-19 12:57    310272    -c--a-w-    c:\program files\Mozilla Firefox\updated\plugins\npGoogleGadgetPluginFirefoxWin.dll
2018-03-24 14:49 . 2006-10-26 18:12    16192    -c--a-w-    c:\program files\Mozilla Firefox\updated\plugins\NPOFF12.DLL
2018-03-24 14:49 . 2012-01-18 16:01    1826704    -c--a-w-    c:\program files\Mozilla Firefox\updated\plugins\npdjvu.dll
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Philip\Application Data\Intel
2018-03-12 10:13 . 2010-10-07 03:11    6609920    -c--a-w-    c:\windows\system32\drivers\NETwLx32.sys
2018-03-12 10:13 . 2010-02-24 15:39    675840    -c--a-w-    c:\windows\system32\NETwLc32.dll
2018-03-12 10:13 . 2010-02-24 15:37    2756608    -c--a-w-    c:\windows\system32\NETwLr32.dll
2018-03-12 10:12 . 2018-03-12 10:12    --------    dc----w-    c:\program files\Common Files\Intel
2018-03-12 06:41 . 2007-05-10 09:22    405504    -c--a-w-    c:\windows\stsystra.exe
2018-03-12 06:40 . 2007-08-21 08:58    146944    -c--a-w-    c:\windows\system32\st325602.dll
2018-03-12 06:39 . 2018-03-12 06:39    --------    dc----w-    c:\program files\Sigmatel
2018-03-12 06:39 . 2007-04-10 16:02    1601536    -c--a-w-    c:\windows\system32\stlang.dll
2018-03-12 06:39 . 2007-05-10 09:23    4952064    -c--a-w-    c:\windows\system32\stacgui.cpl
2018-03-11 19:16 . 2018-03-11 19:16    --------    d-----w-    c:\documents and settings\Philip\Application Data\LHService
2018-03-10 18:10 . 2018-03-10 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Package Cache
2018-03-07 11:45 . 2018-03-07 11:45    319392    -c--a-w-    c:\windows\system32\aswBoot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-28 18:43 . 2017-11-27 14:04    221112    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2018-01-14 19:51 . 2017-11-27 14:03    59896    -c--a-w-    c:\windows\system32\drivers\mbae.sys
2000-03-13 23:00 . 2006-07-22 03:46    249856    -c--a-w-    c:\program files\SETUP1.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-07 11:45    1370328    -c--a-w-    c:\program files\avast software\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-07 245608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2017-01-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [07/03/2018 12:46 157368]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [07/03/2018 12:46 276688]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [07/03/2018 12:46 50336]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [07/03/2018 12:46 70816]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [07/03/2018 12:46 310784]
R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [07/01/2010 19:42 69216]
R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [07/01/2010 19:42 120960]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [27/11/2017 15:04 221112]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [07/03/2018 12:46 167040]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [07/03/2018 12:46 185432]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [07/03/2018 12:46 169536]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/03/2018 12:46 783608]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/03/2018 12:46 391856]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [25/12/2014 18:18 36112]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [07/03/2018 12:46 124392]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [27/11/2017 15:03 4563920]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [23/12/2016 16:02 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [23/12/2016 16:02 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 17:19 13592]
R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [07/03/2018 12:46 205344]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/03/2018 11:13 6609920]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [23/12/2016 16:02 116736]
S2 gupdate1c996655bba3304;Google Update Service (gupdate1c996655bba3304);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2014 15:24 153752]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\avast software\avast\aswidsagent.exe [07/03/2018 12:44 5909888]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [07/03/2018 12:46 42808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 10:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-03-24 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-07 11:45]
.
2018-03-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-03-24 16:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\SecuROM\License information*]
"datasecu"=hex:af,48,2f,1a,b2,dd,5a,a0,b3,bc,93,8e,bc,7a,60,48,1e,36,0e,51,a1,
   c7,e1,aa,1c,20,af,d3,0c,b7,37,35,f0,d3,81,d4,03,5b,48,1f,98,3c,22,e4,dd,c4,\
"rkeysecu"=hex:e0,ca,e0,90,56,6f,16,be,a1,59,3a,ea,92,60,d5,4a
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\WININET.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2018-03-24  16:49:04 - machine was rebooted
ComboFix-quarantined-files.txt  2018-03-24 15:48
ComboFix2.txt  2018-03-13 15:48
ComboFix3.txt  2018-03-13 09:55
.
Pre-Run: 29,582,090,240 bytes free
Post-Run: 29,762,240,512 bytes free
.
- - End Of File - - DC1A763C4C44077573E18615929463C6
DEA9E81F0228B68C9ADAF84C9B0CF931
 


  • 0

#85
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,463 posts
  • MVP

That worked OK. 

 

Open Control Panel, Internet Options, Security, then click on Trusted  Sites.  Sites.  In the bottom pane, click on each entry and REMOVE (or Delete)

 

The remaining three drivers I don't like are all from Comodo.  Lert's see if we can remove them:

 

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************



Driver::
bdisk
CBUfs
CFRMD
 

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

 

If that fails try doing just one of the three at a time.  See if you can figure out which one is the problem.

 

Send me a PM after you post so I will be sure to see it since that I know is working and I am not so sure about the other notification.


  • 0

Advertisements


#86
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Ahh, that wasn't good. After the reboot I got the blue stop screen 0x0000007B (0xF7AA524, 0xC0000034, 0x00000000, 0x00000000), so I tried rebooting into Safe Mode with Networking and got the same, then tried Safe Mode and got the same. So at the moment the old laptop is a brick!

 

Your expertise required please...! :geek:

 

Philip


  • 0

#87
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,463 posts
  • MVP

Have you tried

Last Known Good?


  • 0

#88
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

OK, silly boy! Of course I should havw tried Last Known Good...

 

Here is the log that I was unable to send:

 

ComboFix 18-03-14.01 - Philip 30/03/2018  15:16:37.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1014.307 [GMT 2:00]
Running from: c:\documents and settings\Philip\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Philip\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CBUFS
-------\Legacy_CFRMD
-------\Service_bdisk
-------\Service_CBUfs
-------\Service_CFRMD
.
.
(((((((((((((((((((((((((   Files Created from 2018-02-28 to 2018-03-30  )))))))))))))))))))))))))))))))
.
.
2018-03-30 13:25 . 2018-03-30 13:25    62576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{96977465-938F-427B-8E83-80425BFE5B9C}\offreg.1380.dll
2018-03-30 13:10 . 2016-11-17 12:56    9834504    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-03-30 13:07 . 2018-03-30 13:06    11741512    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{96977465-938F-427B-8E83-80425BFE5B9C}\mpengine.dll
2018-03-30 12:54 . 2018-03-24 15:52    22208    -c--a-w-    c:\program files\Mozilla Firefox\updated\api-ms-win-crt-convert-l1-1-0.dll
2018-03-24 15:52 . 2018-03-24 15:52    27088    -c--a-w-    c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Philip\Application Data\Intel
2018-03-12 10:13 . 2010-10-07 03:11    6609920    -c--a-w-    c:\windows\system32\drivers\NETwLx32.sys
2018-03-12 10:13 . 2010-02-24 15:39    675840    -c--a-w-    c:\windows\system32\NETwLc32.dll
2018-03-12 10:13 . 2010-02-24 15:37    2756608    -c--a-w-    c:\windows\system32\NETwLr32.dll
2018-03-12 10:12 . 2018-03-12 10:12    --------    dc----w-    c:\program files\Common Files\Intel
2018-03-12 06:41 . 2007-05-10 09:22    405504    -c--a-w-    c:\windows\stsystra.exe
2018-03-12 06:40 . 2007-08-21 08:58    146944    -c--a-w-    c:\windows\system32\st325602.dll
2018-03-12 06:39 . 2018-03-12 06:39    --------    dc----w-    c:\program files\Sigmatel
2018-03-12 06:39 . 2007-04-10 16:02    1601536    -c--a-w-    c:\windows\system32\stlang.dll
2018-03-12 06:39 . 2007-05-10 09:23    4952064    -c--a-w-    c:\windows\system32\stacgui.cpl
2018-03-11 19:16 . 2018-03-11 19:16    --------    d-----w-    c:\documents and settings\Philip\Application Data\LHService
2018-03-10 18:10 . 2018-03-10 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Package Cache
2018-03-07 11:45 . 2018-03-07 11:45    319392    -c--a-w-    c:\windows\system32\aswBoot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-28 18:43 . 2017-11-27 14:04    221112    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2018-01-14 19:51 . 2017-11-27 14:03    59896    -c--a-w-    c:\windows\system32\drivers\mbae.sys
2000-03-13 23:00 . 2006-07-22 03:46    249856    -c--a-w-    c:\program files\SETUP1.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-07 11:45    1370328    -c--a-w-    c:\program files\avast software\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-07 245608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2017-01-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [07/03/2018 13:46 157368]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [07/03/2018 13:46 276688]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [07/03/2018 13:46 50336]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [07/03/2018 13:46 70816]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [07/03/2018 13:46 310784]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [27/11/2017 16:04 221112]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [07/03/2018 13:46 167040]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [07/03/2018 13:46 185432]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [07/03/2018 13:46 169536]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/03/2018 13:46 783608]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/03/2018 13:46 391856]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [07/03/2018 13:46 124392]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [27/11/2017 16:03 4563920]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [23/12/2016 17:02 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [23/12/2016 17:02 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\avast software\avast\aswidsagent.exe [07/03/2018 13:44 5909888]
R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [07/03/2018 13:46 205344]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/03/2018 12:13 6609920]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [23/12/2016 17:02 116736]
S2 gupdate1c996655bba3304;Google Update Service (gupdate1c996655bba3304);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2014 16:24 153752]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [07/03/2018 13:46 42808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-03-30 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-07 11:45]
.
2018-03-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-03-30 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\SecuROM\License information*]
"datasecu"=hex:af,48,2f,1a,b2,dd,5a,a0,b3,bc,93,8e,bc,7a,60,48,1e,36,0e,51,a1,
   c7,e1,aa,1c,20,af,d3,0c,b7,37,35,f0,d3,81,d4,03,5b,48,1f,98,3c,22,e4,dd,c4,\
"rkeysecu"=hex:e0,ca,e0,90,56,6f,16,be,a1,59,3a,ea,92,60,d5,4a
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\WININET.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2018-03-30  20:50:15 - machine was rebooted
ComboFix-quarantined-files.txt  2018-03-30 18:50
ComboFix2.txt  2018-03-24 15:49
ComboFix3.txt  2018-03-13 15:48
ComboFix4.txt  2018-03-13 09:55
.
Pre-Run: 29,247,795,200 bytes free
Post-Run: 29,203,099,648 bytes free
.
- - End Of File - - 6148F2A222640675994E21487BABD0E2
DEA9E81F0228B68C9ADAF84C9B0CF931
 

 

Here is the truncated report recovered when it restarted:

 

CBUfsFix result of Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (12-03-2018 14:38:06) Run:2
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Boot Mode: Normal

================================ ==============

fixlist content:
*****************
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S0 degkgkf; no ImagePath
S3 PCDSRVC{AEEF1793-83875E70-06020200}_0; c:\program files\dell\supportassist\pcdsrvc.pkms [22640 2016-08-01] (PC-Doctor, Inc.)
ContextMenuHandlers1: [Auslogics BoostSpeed Shell Context Menu 9.x] -> {CC89327D-D094-8297-82CB-F989EE26FC51} => C:\Program Files\Auslogics\BoostSpeed\ShellExtension.ContextMenu.x32.dll -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
*****************

"HKLM\System\CurrentControlSet\Services\hpqcxs08" => removed successfully.
hpqcxs08 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\gupdate1c996655bba3304" => removed successfully.
gupdate1c996655bba3304 => service removed successfully.
bdisk => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\bdisk" => removed successfully.
bdisk => service removed successfully.
CBUfs => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\CBUfs" => removed successfully.
CBUfs => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfeavfk" => removed successfully.
mfeavfk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfebopk" => removed successfully.
mfebopk => service removed successfully.
mfehidk => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\mfehidk" => removed successfully.
mfehidk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mferkdk" => removed successfully.
mferkdk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfesmfk" => removed successfully.
mfesmfk => service removed successfully.
Lbd => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\Lbd" => removed successfully.
Lbd => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hpqddsvc" => removed successfully.
hpqddsvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\HPSLPSVC" => removed successfully.
HPSLPSVC => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz135" => removed successfully.
cpuz135 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz136" => removed successfully.
cpuz136 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\degkgkf" => removed successfully.
degkgkf => service removed successfully.
PCDSRVC{AEEF1793-83875E70-06020200}_0 => service not found.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Auslogics BoostSpeed Shell Context Menu 9.x" => removed successfully.
"HKLM\Software\Classes\CLSID\{CC89327D-D094-8297-82CB-F989EE26FC51}" => removed successfully.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found


The system needed a reboot.

==== End of Fixlog 14:38:29 ====

 

I read that bdisk was removed, as was CBUfs, but I could see no mention of CFRMD so I ran CF again just for that, here is the log:

 

ComboFix 18-03-14.01 - Philip 30/03/2018  21:41:05.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1014.253 [GMT 2:00]
Running from: c:\documents and settings\Philip\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Philip\Desktop\CFScript.txt
AV: Avast Antivirus *Enabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((   Files Created from 2018-02-28 to 2018-03-30  )))))))))))))))))))))))))))))))
.
.
2018-03-30 13:25 . 2018-03-30 13:25    62576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{96977465-938F-427B-8E83-80425BFE5B9C}\offreg.1380.dll
2018-03-30 13:10 . 2016-11-17 12:56    9834504    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-03-30 13:07 . 2018-03-30 13:06    11741512    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{96977465-938F-427B-8E83-80425BFE5B9C}\mpengine.dll
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Philip\Application Data\Intel
2018-03-12 10:13 . 2010-10-07 03:11    6609920    -c--a-w-    c:\windows\system32\drivers\NETwLx32.sys
2018-03-12 10:13 . 2010-02-24 15:39    675840    -c--a-w-    c:\windows\system32\NETwLc32.dll
2018-03-12 10:13 . 2010-02-24 15:37    2756608    -c--a-w-    c:\windows\system32\NETwLr32.dll
2018-03-12 10:12 . 2018-03-12 10:12    --------    dc----w-    c:\program files\Common Files\Intel
2018-03-12 06:41 . 2007-05-10 09:22    405504    -c--a-w-    c:\windows\stsystra.exe
2018-03-12 06:40 . 2007-08-21 08:58    146944    -c--a-w-    c:\windows\system32\st325602.dll
2018-03-12 06:39 . 2018-03-12 06:39    --------    dc----w-    c:\program files\Sigmatel
2018-03-12 06:39 . 2007-04-10 16:02    1601536    -c--a-w-    c:\windows\system32\stlang.dll
2018-03-12 06:39 . 2007-05-10 09:23    4952064    -c--a-w-    c:\windows\system32\stacgui.cpl
2018-03-11 19:16 . 2018-03-11 19:16    --------    d-----w-    c:\documents and settings\Philip\Application Data\LHService
2018-03-10 18:10 . 2018-03-10 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Package Cache
2018-03-07 11:45 . 2018-03-07 11:45    319392    -c--a-w-    c:\windows\system32\aswBoot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-28 18:43 . 2017-11-27 14:04    221112    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2018-01-14 19:51 . 2017-11-27 14:03    59896    -c--a-w-    c:\windows\system32\drivers\mbae.sys
2000-03-13 23:00 . 2006-07-22 03:46    249856    -c--a-w-    c:\program files\SETUP1.EXE
2017-02-18 20:15    1034688    -cshatr-    c:\windows\system32\ActionCenterForms.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-07 11:45    1370328    -c--a-w-    c:\program files\avast software\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-07 245608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2017-01-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [07/03/2018 13:46 157368]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [07/03/2018 13:46 276688]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [07/03/2018 13:46 50336]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [07/03/2018 13:46 70816]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [07/03/2018 13:46 310784]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [27/11/2017 16:04 221112]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [07/03/2018 13:46 167040]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [07/03/2018 13:46 185432]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [07/03/2018 13:46 169536]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/03/2018 13:46 783608]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/03/2018 13:46 391856]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [07/03/2018 13:46 124392]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [27/11/2017 16:03 4563920]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [23/12/2016 17:02 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [23/12/2016 17:02 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [07/03/2018 13:46 205344]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/03/2018 12:13 6609920]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [23/12/2016 17:02 116736]
S2 gupdate1c996655bba3304;Google Update Service (gupdate1c996655bba3304);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2014 16:24 153752]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\avast software\avast\aswidsagent.exe [07/03/2018 13:44 5909888]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [07/03/2018 13:46 42808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-03-30 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-07 11:45]
.
2018-03-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-03-30 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\SecuROM\License information*]
"datasecu"=hex:af,48,2f,1a,b2,dd,5a,a0,b3,bc,93,8e,bc,7a,60,48,1e,36,0e,51,a1,
   c7,e1,aa,1c,20,af,d3,0c,b7,37,35,f0,d3,81,d4,03,5b,48,1f,98,3c,22,e4,dd,c4,\
"rkeysecu"=hex:e0,ca,e0,90,56,6f,16,be,a1,59,3a,ea,92,60,d5,4a
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1484)
c:\windows\system32\WININET.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2018-03-30  22:01:24
ComboFix-quarantined-files.txt  2018-03-30 20:01
ComboFix2.txt  2018-03-30 18:50
ComboFix3.txt  2018-03-24 15:49
ComboFix4.txt  2018-03-13 15:48
ComboFix5.txt  2018-03-30 19:38
.
Pre-Run: 29,229,277,184 bytes free
Post-Run: 29,200,523,264 bytes free
.
- - End Of File - - 6016B61150F7736AA1280D371C7964B5
DEA9E81F0228B68C9ADAF84C9B0CF931
 

Again I see no mention of it, So may I assume that it has gone or is it hiding or is theere some other cause?


  • 0

#89
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

OK, silly boy! Of course I should havw tried Last Known Good...

 

Here is the log that I was unable to send:

 

ComboFix 18-03-14.01 - Philip 30/03/2018  15:16:37.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1014.307 [GMT 2:00]
Running from: c:\documents and settings\Philip\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Philip\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CBUFS
-------\Legacy_CFRMD
-------\Service_bdisk
-------\Service_CBUfs
-------\Service_CFRMD
.
.
(((((((((((((((((((((((((   Files Created from 2018-02-28 to 2018-03-30  )))))))))))))))))))))))))))))))
.
.
2018-03-30 13:25 . 2018-03-30 13:25    62576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{96977465-938F-427B-8E83-80425BFE5B9C}\offreg.1380.dll
2018-03-30 13:10 . 2016-11-17 12:56    9834504    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-03-30 13:07 . 2018-03-30 13:06    11741512    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{96977465-938F-427B-8E83-80425BFE5B9C}\mpengine.dll
2018-03-30 12:54 . 2018-03-24 15:52    22208    -c--a-w-    c:\program files\Mozilla Firefox\updated\api-ms-win-crt-convert-l1-1-0.dll
2018-03-24 15:52 . 2018-03-24 15:52    27088    -c--a-w-    c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Philip\Application Data\Intel
2018-03-12 10:13 . 2010-10-07 03:11    6609920    -c--a-w-    c:\windows\system32\drivers\NETwLx32.sys
2018-03-12 10:13 . 2010-02-24 15:39    675840    -c--a-w-    c:\windows\system32\NETwLc32.dll
2018-03-12 10:13 . 2010-02-24 15:37    2756608    -c--a-w-    c:\windows\system32\NETwLr32.dll
2018-03-12 10:12 . 2018-03-12 10:12    --------    dc----w-    c:\program files\Common Files\Intel
2018-03-12 06:41 . 2007-05-10 09:22    405504    -c--a-w-    c:\windows\stsystra.exe
2018-03-12 06:40 . 2007-08-21 08:58    146944    -c--a-w-    c:\windows\system32\st325602.dll
2018-03-12 06:39 . 2018-03-12 06:39    --------    dc----w-    c:\program files\Sigmatel
2018-03-12 06:39 . 2007-04-10 16:02    1601536    -c--a-w-    c:\windows\system32\stlang.dll
2018-03-12 06:39 . 2007-05-10 09:23    4952064    -c--a-w-    c:\windows\system32\stacgui.cpl
2018-03-11 19:16 . 2018-03-11 19:16    --------    d-----w-    c:\documents and settings\Philip\Application Data\LHService
2018-03-10 18:10 . 2018-03-10 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Package Cache
2018-03-07 11:45 . 2018-03-07 11:45    319392    -c--a-w-    c:\windows\system32\aswBoot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-28 18:43 . 2017-11-27 14:04    221112    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2018-01-14 19:51 . 2017-11-27 14:03    59896    -c--a-w-    c:\windows\system32\drivers\mbae.sys
2000-03-13 23:00 . 2006-07-22 03:46    249856    -c--a-w-    c:\program files\SETUP1.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-07 11:45    1370328    -c--a-w-    c:\program files\avast software\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-07 245608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2017-01-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [07/03/2018 13:46 157368]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [07/03/2018 13:46 276688]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [07/03/2018 13:46 50336]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [07/03/2018 13:46 70816]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [07/03/2018 13:46 310784]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [27/11/2017 16:04 221112]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [07/03/2018 13:46 167040]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [07/03/2018 13:46 185432]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [07/03/2018 13:46 169536]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/03/2018 13:46 783608]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/03/2018 13:46 391856]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [07/03/2018 13:46 124392]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [27/11/2017 16:03 4563920]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [23/12/2016 17:02 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [23/12/2016 17:02 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\avast software\avast\aswidsagent.exe [07/03/2018 13:44 5909888]
R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [07/03/2018 13:46 205344]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/03/2018 12:13 6609920]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [23/12/2016 17:02 116736]
S2 gupdate1c996655bba3304;Google Update Service (gupdate1c996655bba3304);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2014 16:24 153752]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [07/03/2018 13:46 42808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-03-30 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-07 11:45]
.
2018-03-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-03-30 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\SecuROM\License information*]
"datasecu"=hex:af,48,2f,1a,b2,dd,5a,a0,b3,bc,93,8e,bc,7a,60,48,1e,36,0e,51,a1,
   c7,e1,aa,1c,20,af,d3,0c,b7,37,35,f0,d3,81,d4,03,5b,48,1f,98,3c,22,e4,dd,c4,\
"rkeysecu"=hex:e0,ca,e0,90,56,6f,16,be,a1,59,3a,ea,92,60,d5,4a
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\WININET.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2018-03-30  20:50:15 - machine was rebooted
ComboFix-quarantined-files.txt  2018-03-30 18:50
ComboFix2.txt  2018-03-24 15:49
ComboFix3.txt  2018-03-13 15:48
ComboFix4.txt  2018-03-13 09:55
.
Pre-Run: 29,247,795,200 bytes free
Post-Run: 29,203,099,648 bytes free
.
- - End Of File - - 6148F2A222640675994E21487BABD0E2
DEA9E81F0228B68C9ADAF84C9B0CF931
 

 

Here is the truncated report recovered when it restarted:

 

CBUfsFix result of Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (12-03-2018 14:38:06) Run:2
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Boot Mode: Normal

================================ ==============

fixlist content:
*****************
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S0 degkgkf; no ImagePath
S3 PCDSRVC{AEEF1793-83875E70-06020200}_0; c:\program files\dell\supportassist\pcdsrvc.pkms [22640 2016-08-01] (PC-Doctor, Inc.)
ContextMenuHandlers1: [Auslogics BoostSpeed Shell Context Menu 9.x] -> {CC89327D-D094-8297-82CB-F989EE26FC51} => C:\Program Files\Auslogics\BoostSpeed\ShellExtension.ContextMenu.x32.dll -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
*****************

"HKLM\System\CurrentControlSet\Services\hpqcxs08" => removed successfully.
hpqcxs08 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\gupdate1c996655bba3304" => removed successfully.
gupdate1c996655bba3304 => service removed successfully.
bdisk => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\bdisk" => removed successfully.
bdisk => service removed successfully.
CBUfs => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\CBUfs" => removed successfully.
CBUfs => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfeavfk" => removed successfully.
mfeavfk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfebopk" => removed successfully.
mfebopk => service removed successfully.
mfehidk => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\mfehidk" => removed successfully.
mfehidk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mferkdk" => removed successfully.
mferkdk => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mfesmfk" => removed successfully.
mfesmfk => service removed successfully.
Lbd => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\Lbd" => removed successfully.
Lbd => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hpqddsvc" => removed successfully.
hpqddsvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\HPSLPSVC" => removed successfully.
HPSLPSVC => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz135" => removed successfully.
cpuz135 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz136" => removed successfully.
cpuz136 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\degkgkf" => removed successfully.
degkgkf => service removed successfully.
PCDSRVC{AEEF1793-83875E70-06020200}_0 => service not found.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Auslogics BoostSpeed Shell Context Menu 9.x" => removed successfully.
"HKLM\Software\Classes\CLSID\{CC89327D-D094-8297-82CB-F989EE26FC51}" => removed successfully.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found


The system needed a reboot.

==== End of Fixlog 14:38:29 ====

 

I read that bdisk was removed, as was CBUfs, but I could see no mention of CFRMD so I ran CF again just for that, here is the log:

 

ComboFix 18-03-14.01 - Philip 30/03/2018  21:41:05.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1014.253 [GMT 2:00]
Running from: c:\documents and settings\Philip\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Philip\Desktop\CFScript.txt
AV: Avast Antivirus *Enabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((   Files Created from 2018-02-28 to 2018-03-30  )))))))))))))))))))))))))))))))
.
.
2018-03-30 13:25 . 2018-03-30 13:25    62576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{96977465-938F-427B-8E83-80425BFE5B9C}\offreg.1380.dll
2018-03-30 13:10 . 2016-11-17 12:56    9834504    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-03-30 13:07 . 2018-03-30 13:06    11741512    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{96977465-938F-427B-8E83-80425BFE5B9C}\mpengine.dll
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Intel
2018-03-12 10:14 . 2018-03-12 10:14    --------    d-----w-    c:\documents and settings\Philip\Application Data\Intel
2018-03-12 10:13 . 2010-10-07 03:11    6609920    -c--a-w-    c:\windows\system32\drivers\NETwLx32.sys
2018-03-12 10:13 . 2010-02-24 15:39    675840    -c--a-w-    c:\windows\system32\NETwLc32.dll
2018-03-12 10:13 . 2010-02-24 15:37    2756608    -c--a-w-    c:\windows\system32\NETwLr32.dll
2018-03-12 10:12 . 2018-03-12 10:12    --------    dc----w-    c:\program files\Common Files\Intel
2018-03-12 06:41 . 2007-05-10 09:22    405504    -c--a-w-    c:\windows\stsystra.exe
2018-03-12 06:40 . 2007-08-21 08:58    146944    -c--a-w-    c:\windows\system32\st325602.dll
2018-03-12 06:39 . 2018-03-12 06:39    --------    dc----w-    c:\program files\Sigmatel
2018-03-12 06:39 . 2007-04-10 16:02    1601536    -c--a-w-    c:\windows\system32\stlang.dll
2018-03-12 06:39 . 2007-05-10 09:23    4952064    -c--a-w-    c:\windows\system32\stacgui.cpl
2018-03-11 19:16 . 2018-03-11 19:16    --------    d-----w-    c:\documents and settings\Philip\Application Data\LHService
2018-03-10 18:10 . 2018-03-10 19:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Package Cache
2018-03-07 11:45 . 2018-03-07 11:45    319392    -c--a-w-    c:\windows\system32\aswBoot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-28 18:43 . 2017-11-27 14:04    221112    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2018-01-14 19:51 . 2017-11-27 14:03    59896    -c--a-w-    c:\windows\system32\drivers\mbae.sys
2000-03-13 23:00 . 2006-07-22 03:46    249856    -c--a-w-    c:\program files\SETUP1.EXE
2017-02-18 20:15    1034688    -cshatr-    c:\windows\system32\ActionCenterForms.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-07 11:45    1370328    -c--a-w-    c:\program files\avast software\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-07 245608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2017-01-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [07/03/2018 13:46 157368]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [07/03/2018 13:46 276688]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [07/03/2018 13:46 50336]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [07/03/2018 13:46 70816]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [07/03/2018 13:46 310784]
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [27/11/2017 16:04 221112]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [07/03/2018 13:46 167040]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [07/03/2018 13:46 185432]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [07/03/2018 13:46 169536]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/03/2018 13:46 783608]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/03/2018 13:46 391856]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [07/03/2018 13:46 124392]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [27/11/2017 16:03 4563920]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [23/12/2016 17:02 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [23/12/2016 17:02 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [07/03/2018 13:46 205344]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [12/03/2018 12:13 6609920]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [23/12/2016 17:02 116736]
S2 gupdate1c996655bba3304;Google Update Service (gupdate1c996655bba3304);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2014 16:24 153752]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\avast software\avast\aswidsagent.exe [07/03/2018 13:44 5909888]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [07/03/2018 13:46 42808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-03-30 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-07 11:45]
.
2018-03-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-03-30 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\SecuROM\License information*]
"datasecu"=hex:af,48,2f,1a,b2,dd,5a,a0,b3,bc,93,8e,bc,7a,60,48,1e,36,0e,51,a1,
   c7,e1,aa,1c,20,af,d3,0c,b7,37,35,f0,d3,81,d4,03,5b,48,1f,98,3c,22,e4,dd,c4,\
"rkeysecu"=hex:e0,ca,e0,90,56,6f,16,be,a1,59,3a,ea,92,60,d5,4a
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1484)
c:\windows\system32\WININET.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2018-03-30  22:01:24
ComboFix-quarantined-files.txt  2018-03-30 20:01
ComboFix2.txt  2018-03-30 18:50
ComboFix3.txt  2018-03-24 15:49
ComboFix4.txt  2018-03-13 15:48
ComboFix5.txt  2018-03-30 19:38
.
Pre-Run: 29,229,277,184 bytes free
Post-Run: 29,200,523,264 bytes free
.
- - End Of File - - 6016B61150F7736AA1280D371C7964B5
DEA9E81F0228B68C9ADAF84C9B0CF931
 

Again I see no mention of it, So may I assume that it has gone or is it hiding or is theere some other cause?


  • 0

#90
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,463 posts
  • MVP

Seems to be gone.  Can you run FRST again and post both logs?

 

How long does it take to reboot now?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP