I cannot complete Installation of a Program - Error 1632



#91
PhilipW97

Here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11.03.2018 01
Ran by Philip (administrator) on ENILLION (31-03-2018 18:32:18)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\WINDOWS\system32\UAService7.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-07] (AVAST Software)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [138008 2007-03-30] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [162584 2007-03-30] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
SecurityProviders:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078 [2018-03-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-07] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-07] (AVAST Software)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2018-01-28] (Malwarebytes)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 UIUSys; no ImagePath
S3 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 22:01 - 2018-03-31 18:33 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000012303 _____ C:\ComboFix.txt
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2018-03-30 14:54 - 2018-03-30 21:20 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-03-13 11:29 - 2011-06-26 08:45 - 000256000 ____C C:\WINDOWS\PEV.exe
2018-03-13 11:29 - 2010-11-07 19:20 - 000208896 ____C C:\WINDOWS\MBR.exe
2018-03-13 11:29 - 2009-04-20 06:56 - 000060416 ____C (NirSoft) C:\WINDOWS\NIRCMD.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000518144 ____C (SteelWerX) C:\WINDOWS\SWREG.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000406528 ____C (SteelWerX) C:\WINDOWS\SWSC.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000212480 ____C (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000098816 ____C C:\WINDOWS\sed.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000080412 ____C C:\WINDOWS\grep.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000068096 ____C C:\WINDOWS\zip.exe
2018-03-13 11:28 - 2018-03-30 22:01 - 000000000 ____D C:\Qoobox
2018-03-13 11:22 - 2018-03-30 15:07 - 005659794 ____R (Swearware) C:\Documents and Settings\Philip\Desktop\ComboFix.exe
2018-03-13 11:05 - 2018-03-13 11:05 - 001543360 _____ (COMODO) C:\Documents and Settings\Philip\Desktop\ciscleanuptool_x86.exe
2018-03-12 22:22 - 2018-03-12 22:22 - 003480040 _____ (McAfee, Inc.) C:\Documents and Settings\Philip\Desktop\MCPR.exe
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\NetworkService\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Default User\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Intel
2018-03-12 12:13 - 2018-03-12 12:23 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
2018-03-12 12:13 - 2010-10-07 05:11 - 006609920 ____C (Intel Corporation) C:\WINDOWS\system32\Drivers\NETwLx32.sys
2018-03-12 12:13 - 2010-02-24 17:39 - 000675840 ____C (Intel Corporation) C:\WINDOWS\system32\NETwLc32.dll
2018-03-12 12:13 - 2010-02-24 17:37 - 002756608 ____C (Intel Corporation) C:\WINDOWS\system32\NETwLr32.dll
2018-03-12 12:12 - 2018-03-12 12:12 - 000000000 ___DC C:\Program Files\Common Files\Intel
2018-03-12 08:41 - 2007-05-10 11:22 - 000405504 ____C (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
2018-03-12 08:40 - 2007-08-21 10:58 - 000146944 ____C (IDT, Inc.) C:\WINDOWS\system32\st325602.dll
2018-03-12 08:39 - 2018-03-12 08:39 - 000000000 ___DC C:\Program Files\Sigmatel
2018-03-12 08:39 - 2007-05-10 11:23 - 004952064 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stacgui.cpl
2018-03-12 08:39 - 2007-04-10 18:02 - 001601536 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stlang.dll
2018-03-12 07:58 - 2018-03-31 18:19 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-03-12 07:46 - 2018-03-30 21:30 - 000004411 _____ C:\Documents and Settings\Philip\Desktop\Fixlog.txt
2018-03-12 07:37 - 2018-03-12 07:37 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2018-03-12 07:37 - 2018-03-12 07:37 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2018-03-11 21:16 - 2018-03-11 21:16 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\LHService
2018-03-11 12:38 - 2018-03-12 07:46 - 000000000 ____D C:\Documents and Settings\Philip\Desktop\FRST-OlderVersion
2018-03-10 23:14 - 2018-03-10 23:58 - 000000000 ____D C:\Documents and Settings\Philip\My Documents\Old Firefox Data
2018-03-10 22:58 - 2018-03-10 22:58 - 000002821 _____ C:\Documents and Settings\Philip\Desktop\Hardware Interrupts and DPCs.txt
2018-03-10 22:53 - 2018-03-10 22:53 - 000002895 _____ C:\Documents and Settings\Philip\My Documents\Hardware Interrupts and DPCs.txt
2018-03-10 22:39 - 2018-03-12 09:44 - 000036078 _____ C:\Documents and Settings\Philip\Desktop\Addition.txt
2018-03-10 22:36 - 2018-03-31 18:33 - 000017763 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-03-10 22:28 - 2018-03-10 22:28 - 000002105 _____ C:\Documents and Settings\Philip\Desktop\JRT.txt
2018-03-10 21:53 - 2018-03-10 21:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-03-10 21:52 - 2018-03-10 21:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-10 21:22 - 2018-03-10 21:22 - 000396616 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2018-03-10 20:52 - 2018-03-10 20:52 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\JRT.exe
2018-03-10 20:32 - 2018-03-10 20:34 - 000194863 _____ C:\Documents and Settings\Philip\Desktop\ENILLION.txt
2018-03-10 20:24 - 2018-03-10 20:24 - 006299336 _____ (Piriform Ltd) C:\Documents and Settings\Philip\Desktop\spsetup131.exe
2018-03-10 20:15 - 2018-03-10 20:15 - 000004562 _____ C:\junk.txt
2018-03-10 20:10 - 2018-03-10 21:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2018-03-10 20:06 - 2018-03-10 20:06 - 000004052 _____ C:\Documents and Settings\Philip\Desktop\System Idle Process.txt
2018-03-10 19:47 - 2018-03-10 19:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Philip\Desktop\procexp.exe
2018-03-07 13:49 - 2018-03-07 13:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-03-07 13:49 - 2018-03-07 13:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2018-03-07 13:47 - 2018-03-31 18:18 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-07 13:46 - 2018-03-07 13:45 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000205344 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000783608 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000276688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000185432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000169536 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000157368 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000050336 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-07 13:45 - 2018-03-07 13:45 - 000319392 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-04 20:26 - 2018-03-04 20:26 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1184402194-1185109317-1466214600-1005-0.dat
2018-03-04 20:25 - 2018-03-04 20:25 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 18:32 - 2018-02-05 00:00 - 000000000 ____D C:\FRST
2018-03-31 18:21 - 2004-08-11 18:07 - 000539720 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-31 18:16 - 2004-08-11 18:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-03-31 18:16 - 2004-08-11 18:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-03-30 23:35 - 2013-01-27 18:01 - 000032654 ____C C:\WINDOWS\SchedLgU.Txt
2018-03-30 23:35 - 2006-07-22 00:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-03-30 23:35 - 2006-07-22 00:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-03-30 21:57 - 2004-08-11 18:00 - 000000227 _____ C:\WINDOWS\system.ini
2018-03-30 21:20 - 2013-02-09 17:50 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-03-30 15:37 - 2009-02-03 11:46 - 000000000 ___DC C:\WINDOWS\ERDNT
2018-03-13 11:55 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-03-13 10:51 - 2007-04-29 19:06 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\McAfee
2018-03-12 12:24 - 2006-06-29 15:05 - 000000000 ___DC C:\WINDOWS\system32\ReinstallBackups
2018-03-12 12:14 - 2004-08-11 18:02 - 000000000 __HDC C:\WINDOWS\inf
2018-03-12 12:12 - 2006-06-29 15:23 - 000000000 ___DC C:\Program Files\Intel
2018-03-12 09:28 - 2004-08-11 18:11 - 000000000 ___DC C:\WINDOWS\Registration
2018-03-12 09:10 - 2008-10-24 21:36 - 000000000 ___DC C:\Program Files\Microsoft SQL Server
2018-03-12 08:41 - 2004-08-11 18:02 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2018-03-12 08:35 - 2006-06-29 15:21 - 000000000 ___DC C:\Program Files\Dell
2018-03-12 08:31 - 2018-02-05 18:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2018-03-12 07:46 - 2018-02-04 23:45 - 001763328 _____ (Farbar) C:\Documents and Settings\Philip\Desktop\FRST.exe
2018-03-12 07:37 - 2017-01-08 21:31 - 000000792 ____C C:\Documents and Settings\Philip\Start Menu\Programs\Windows Media Player.lnk
2018-03-12 07:37 - 2008-10-24 17:23 - 000000000 ___DC C:\Program Files\Windows Desktop Search
2018-03-12 07:37 - 2004-08-11 18:00 - 000000765 ____C C:\WINDOWS\win.ini
2018-03-11 21:16 - 2016-12-28 22:16 - 000000000 ___DC C:\Program Files\LockHunter
2018-03-11 21:08 - 2006-06-29 15:21 - 000000000 __HDC C:\Program Files\InstallShield Installation Information
2018-03-11 21:03 - 2006-07-29 09:44 - 000000000 ___DC C:\Program Files\Windows Media Connect 2
2018-03-11 21:03 - 2004-08-11 18:02 - 000000000 ___DC C:\WINDOWS\Help
2018-03-11 21:00 - 2018-01-18 19:28 - 000000000 ___DC C:\Program Files\Belarc
2018-03-11 20:59 - 2013-11-01 15:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2018-03-11 20:59 - 2013-11-01 15:29 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2018-03-11 20:18 - 2004-08-11 18:00 - 000000211 ___SH C:\boot.ini
2018-03-11 11:35 - 2009-02-05 10:15 - 000000000 ___DC C:\WINDOWS\pss
2018-03-11 00:06 - 2006-07-22 22:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-03-10 22:26 - 2004-08-11 18:06 - 000000000 ____D C:\Documents and Settings\All Users
2018-03-10 20:14 - 2014-03-01 10:48 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Skype
2018-03-10 20:13 - 2007-06-04 22:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2018-03-10 20:06 - 2016-08-04 22:02 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2018-03-09 00:29 - 2004-08-11 18:02 - 000000000 ___DC C:\WINDOWS\security
2018-03-08 23:42 - 2006-06-29 15:16 - 000000000 ___DC C:\Program Files\Common Files\Java
2018-03-08 22:10 - 2010-11-20 20:25 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\PCDr
2018-03-08 10:33 - 2011-02-20 20:34 - 000001324 ____C C:\WINDOWS\system32\d3d9caps.dat
2018-03-08 01:27 - 2004-08-11 18:20 - 000000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2018-03-04 15:47 - 2009-12-19 17:19 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Deployment

==================== Files in the root of some directories =======

2006-07-22 05:46 - 2000-03-14 01:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 20:20 - 2008-10-27 20:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 17:42 - 2009-01-28 21:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 17:18 - 2015-02-22 16:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 19:38 - 2010-03-30 19:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 21:30 - 2006-07-24 21:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 10:18 - 2007-11-29 10:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 18:19 - 2017-01-02 22:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 21:16 - 2012-08-28 21:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 17:52 - 2009-04-20 18:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 15:21 - 2006-06-29 15:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

...and the additional:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (31-03-2018 18:34:56)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - Genesis Mobile)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.7.3 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.7.3 ESR (x86 en-GB)) (Version: 52.7.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.3.6655 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version:  - )
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem  (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system  (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc  (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA  (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394  (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-03-30] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-03-07 13:45 - 2018-03-07 13:45 - 000287960 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000280280 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-03-30 20:44 - 2018-03-30 20:44 - 005809296 ____C () C:\Program Files\AVAST Software\Avast\defs\18033004\algo.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000756952 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-03-07 13:44 - 2018-03-07 13:44 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000964824 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000475352 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2018-03-31 18:21 - 2018-03-31 18:21 - 005810832 ____C () C:\Program Files\AVAST Software\Avast\defs\18033100\algo.dll
2017-11-27 16:03 - 2018-01-14 21:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-12-15 17:17 - 2008-12-15 17:17 - 000126976 _____ () C:\WINDOWS\system32\UAService7.exe
2018-03-07 13:44 - 2018-03-07 13:44 - 000618200 ____C () c:\Program Files\avast software\avast\vaarclient.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2004-08-11 18:00 - 2013-01-02 08:49 - 001292288 ____C () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 18:00 - 2018-03-30 20:34 - 000000027 ____C C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.8.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

==================== Restore Points =========================

24-03-2018 17:04:46 ComboFix created restore point
30-03-2018 15:05:20 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {9B21FD3A-B1AB-4EB9-956F-E56ACFE78BCE}
Manufacturer: Toshiba
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2018 03:31:33 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: A connection with the server could not be established

Error: (03/30/2018 03:31:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: A connection with the server could not be established

Error: (03/24/2018 05:27:14 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: A connection with the server could not be established

Error: (03/24/2018 05:26:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: A connection with the server could not be established

Error: (03/24/2018 05:26:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: A connection with the server could not be established

Error: (03/11/2018 12:07:45 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/11/2018 12:07:45 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3

Error: (03/11/2018 11:40:14 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15


System errors:
=============
Error: (03/31/2018 06:17:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (03/30/2018 09:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SecuROM User Access Service (V7) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/30/2018 08:44:31 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.108 for the Network Card with network address 0013028835CC has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/30/2018 08:34:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (03/30/2018 03:15:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SecuROM User Access Service (V7) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/30/2018 02:42:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (03/30/2018 02:41:35 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/24/2018 05:41:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswbIDSAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 85%
Total physical RAM: 1014.37 MB
Available physical RAM: 142.6 MB
Total Virtual: 2439.77 MB
Available Virtual: 1591.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:27.45 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================

 

The initial boot today resulted in the Blue Error Page, so I had to use the Last Known Good option. A reboot including the shutdown process was about 7 minutes. A boot took 4 minutes and 50 seconds.

 

I won't get anything done tomorrow, as well as being Easter Sunday and All Fool's Day it is the 100th Anniversary of the founding of the Royal Air Force and we are hosting a lunch for some other RAF types. It will probably go on for a while...!

 

Happy Holiday to you.

 

Philip


  • 0



#92
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

I got this notification for a change.

 

Looks like they are back.  I think we will leave them for now and go on to some other stuff:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.
 

1. Please download the Event Viewer Tool by Vino Rosso (if you don't already have it): http://images.malwar...om/vino/VEW.exe and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.

Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Defrag the hard drive:

 

https://www.wikihow....ows-XP-Computer

 

XP doesn't do it automatically and a fragmented drive can slow things down a lot.

 

 


  • 0

#93
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Good morning Ron,

 

I ran the disc check last night and it came up clear with no errors reported. Then I ran VEW on the system and locked up and went to bed forgetting to finish off. Got up for a trip to the toilet, saw the light on and ran VEW on application. This morning I couldn't recover the logs that I had put into this response, so I ran both again.

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 03/04/2018 07:38:13

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/04/2018 07:31:03
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Image Acquisition (WIA) service hung on starting.

Log: 'System' Date/Time: 03/04/2018 01:08:31
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.0.104 for the Network Card with network address 0013028835CC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 03/04/2018 00:05:47
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Image Acquisition (WIA) service hung on starting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 03/04/2018 07:50:12

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/04/2018 07:28:18
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/04/2018 23:09:45
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

The defrag app told me that defrag wasn't needed, but I ran it anyway. I closed the open apps and rebooted and it took 5min 34sec.

 

Philip


  • 0

#94
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

Log: 'Application' Date/Time: 03/04/2018 07:28:18
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

 

Download UPHClean. To download and install UPHClean, visit http://www.majorgeek...up_service.html
    As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
    In the User Profile Hive Cleanup Service installation wizard, click Next.
    In the License Agreement page, read the license agreement, select I Agree, and then click Next.
    In the Select Installation Folder page, click Next.
    In the Confirm Installation page, click Next.
    When UPHClean is installed, click Close.

 

Log: 'System' Date/Time: 03/04/2018 07:31:03
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Image Acquisition (WIA) service hung on starting.

 

Additional Information

Used for some scanners, web cams, and cameras. If, after disabling this service, your scanner or camera fails to function properly, enable this service by placing it into Automatic.

 

Click Start, and then click Run.
    In Open box, type the following text, and then click OK:

    services.msc
    In Services, in the Name column, locate Windows Image Acquisition.  Right click and select Properties then change the Startup Type: to Disabled and OK

 

Reboot (time it) and then run VEW again.  Any improvement in the time?

 

Get Autoruns:

 

from
http://live.sysinter...om/autoruns.exe

 

This is a direct download so the page won't change.

Download, save and run the program.

 

Scroll down under Everything and UNCHECK any YELLOW highlighted items

 

Close the program and reboot.  Any improvement?

 

Open autoruns again.  Find these 

 

S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]

 

You won't see the S1 or S3s.  They just indicate a service type.  These are drivers for your Bluetooth which isn't working.

 

Close Autoruns and reboot.  Any faster?

 

Open FRST.  Put bdisk in the Search box and hit Search Registry.  Post the log.


  • 0

#95
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Reboot 3min 47 sec

 

 

Reboot now 2min 48sec

I assumed that you wanted me to uncheck the 9 drivers so I did and the reboot seemed to hang at 6 min. So I pressed and held the power button to force a shutdown.

Then a boot took 2min 26sec.

 

Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (03-04-2018 21:13:51)
Running from C:\Documents and Settings\Philip\Desktop
Boot Mode: Normal

================== Search Registry: "bdisk" ===========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="bdisk
PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\DiskST96812AS_______________________________8.03____\5&19c84639&0&0.0.0\Control]
"ActiveService"="bdisk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdisk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdisk]
"ImagePath"="system32\drivers\bdisk.sys"

====== End of Search ======

 

We seem to have made progress on the start boot, excellent, thank you. I have the impression that Firefox is playing up though. It took ages to start up after the first 2 stages and then opened 3 copies. The next time, after the reboot I was very careful not to press the icon more than once and it still took a long time and opened 2 copies.


  • 0

#96
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

For Firefox:

 

Get Speedyfox:

http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
 

 

Does that help with Firefox? If not it's probably a bad extension.  Try it in Safe Mode:

 

https://support.mozi...using-safe-mode

 

I see why bdisk was giving us a hard time.  It's used as an upper filter on the hard drive.  We would need to remove the upper filter at the same time or before we remove the driver.


  • 0

#97
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Thank you, Speedyfox worked well and I have made a note of the safe option for Firefox.

 

I shall await your instructions about the HD Filter...

 

Philip


  • 0

#98
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

See if you can use autoruns to uncheck

CBUFS.sys

 

We may just have to live with bdisk.  Probably not worth the effort to get rid of it.


  • 0

#99
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Yes, found and unchecked it. Do you want me to do anything else?


  • 0

#100
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

Reboot and see if there are any problems.  Then run FRST with addition.txt checked and post both logs.


  • 0



#101
PhilipW97

PhilipW97

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

OK, no problem with the boot; here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11.03.2018 01
Ran by Philip (administrator) on ENILLION (04-04-2018 21:19:55)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
() C:\WINDOWS\system32\UAService7.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-07] (AVAST Software)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [138008 2007-03-30] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [162584 2007-03-30] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
SecurityProviders:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078 [2018-04-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-07] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-07] (AVAST Software)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
S4 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2018-01-28] (Malwarebytes)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S4 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S4 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S4 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S4 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S4 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S4 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S4 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S4 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S4 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S4 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S4 UIUSys; no ImagePath
S4 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-04 12:53 - 2018-04-04 12:53 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\CrystalIdea Software
2018-04-03 21:13 - 2018-04-03 21:13 - 000000716 _____ C:\Documents and Settings\Philip\Desktop\SearchReg.txt
2018-04-03 20:50 - 2018-04-03 20:50 - 000000000 _____ C:\WINDOWS\system32\default_user_class.dat
2018-04-03 19:57 - 2018-04-03 19:57 - 000000000 ___DC C:\Program Files\UPHClean
2018-04-03 00:08 - 2018-04-03 20:19 - 000002871 _____ C:\VEW.txt
2018-04-02 22:38 - 2018-04-02 22:38 - 000061440 _____ ( ) C:\Documents and Settings\Philip\Desktop\VEW(1).exe
2018-03-30 22:01 - 2018-04-04 21:21 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\temp
2018-03-30 22:01 - 2018-04-02 22:33 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000012303 _____ C:\ComboFix.txt
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2018-03-30 14:54 - 2018-03-30 21:20 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-03-13 11:29 - 2011-06-26 08:45 - 000256000 ____C C:\WINDOWS\PEV.exe
2018-03-13 11:29 - 2010-11-07 19:20 - 000208896 ____C C:\WINDOWS\MBR.exe
2018-03-13 11:29 - 2009-04-20 06:56 - 000060416 ____C (NirSoft) C:\WINDOWS\NIRCMD.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000518144 ____C (SteelWerX) C:\WINDOWS\SWREG.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000406528 ____C (SteelWerX) C:\WINDOWS\SWSC.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000212480 ____C (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000098816 ____C C:\WINDOWS\sed.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000080412 ____C C:\WINDOWS\grep.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000068096 ____C C:\WINDOWS\zip.exe
2018-03-13 11:28 - 2018-03-30 22:01 - 000000000 ____D C:\Qoobox
2018-03-13 11:22 - 2018-03-30 15:07 - 005659794 ____R (Swearware) C:\Documents and Settings\Philip\Desktop\ComboFix.exe
2018-03-13 11:05 - 2018-03-13 11:05 - 001543360 _____ (COMODO) C:\Documents and Settings\Philip\Desktop\ciscleanuptool_x86.exe
2018-03-12 22:22 - 2018-03-12 22:22 - 003480040 _____ (McAfee, Inc.) C:\Documents and Settings\Philip\Desktop\MCPR.exe
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\NetworkService\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Default User\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Intel
2018-03-12 12:13 - 2018-03-12 12:23 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
2018-03-12 12:13 - 2010-10-07 05:11 - 006609920 ____C (Intel Corporation) C:\WINDOWS\system32\Drivers\NETwLx32.sys
2018-03-12 12:13 - 2010-02-24 17:39 - 000675840 ____C (Intel Corporation) C:\WINDOWS\system32\NETwLc32.dll
2018-03-12 12:13 - 2010-02-24 17:37 - 002756608 ____C (Intel Corporation) C:\WINDOWS\system32\NETwLr32.dll
2018-03-12 12:12 - 2018-03-12 12:12 - 000000000 ___DC C:\Program Files\Common Files\Intel
2018-03-12 08:41 - 2007-05-10 11:22 - 000405504 ____C (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
2018-03-12 08:40 - 2007-08-21 10:58 - 000146944 ____C (IDT, Inc.) C:\WINDOWS\system32\st325602.dll
2018-03-12 08:39 - 2018-03-12 08:39 - 000000000 ___DC C:\Program Files\Sigmatel
2018-03-12 08:39 - 2007-05-10 11:23 - 004952064 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stacgui.cpl
2018-03-12 08:39 - 2007-04-10 18:02 - 001601536 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stlang.dll
2018-03-12 07:58 - 2018-04-04 21:13 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-03-12 07:46 - 2018-03-30 21:30 - 000004411 _____ C:\Documents and Settings\Philip\Desktop\Fixlog.txt
2018-03-12 07:37 - 2018-03-12 07:37 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2018-03-12 07:37 - 2018-03-12 07:37 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2018-03-11 21:16 - 2018-03-11 21:16 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\LHService
2018-03-11 12:38 - 2018-03-12 07:46 - 000000000 ____D C:\Documents and Settings\Philip\Desktop\FRST-OlderVersion
2018-03-10 23:14 - 2018-03-10 23:58 - 000000000 ____D C:\Documents and Settings\Philip\My Documents\Old Firefox Data
2018-03-10 22:58 - 2018-03-10 22:58 - 000002821 _____ C:\Documents and Settings\Philip\Desktop\Hardware Interrupts and DPCs.txt
2018-03-10 22:53 - 2018-03-10 22:53 - 000002895 _____ C:\Documents and Settings\Philip\My Documents\Hardware Interrupts and DPCs.txt
2018-03-10 22:39 - 2018-03-31 18:39 - 000035517 _____ C:\Documents and Settings\Philip\Desktop\Addition.txt
2018-03-10 22:36 - 2018-04-04 21:21 - 000017984 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-03-10 22:28 - 2018-03-10 22:28 - 000002105 _____ C:\Documents and Settings\Philip\Desktop\JRT.txt
2018-03-10 21:53 - 2018-03-10 21:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-03-10 21:52 - 2018-03-10 21:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-10 21:22 - 2018-03-10 21:22 - 000396616 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2018-03-10 20:52 - 2018-03-10 20:52 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\JRT.exe
2018-03-10 20:32 - 2018-03-10 20:34 - 000194863 _____ C:\Documents and Settings\Philip\Desktop\ENILLION.txt
2018-03-10 20:24 - 2018-03-10 20:24 - 006299336 _____ (Piriform Ltd) C:\Documents and Settings\Philip\Desktop\spsetup131.exe
2018-03-10 20:15 - 2018-03-10 20:15 - 000004562 _____ C:\junk.txt
2018-03-10 20:10 - 2018-03-10 21:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2018-03-10 20:06 - 2018-03-10 20:06 - 000004052 _____ C:\Documents and Settings\Philip\Desktop\System Idle Process.txt
2018-03-10 19:47 - 2018-03-10 19:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Philip\Desktop\procexp.exe
2018-03-07 13:49 - 2018-03-07 13:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-03-07 13:49 - 2018-03-07 13:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2018-03-07 13:47 - 2018-04-04 21:11 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-07 13:46 - 2018-03-07 13:45 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000205344 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000783608 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000276688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000185432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000169536 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000157368 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000050336 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-07 13:45 - 2018-03-07 13:45 - 000319392 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-04 21:19 - 2018-02-05 00:00 - 000000000 ____D C:\FRST
2018-04-04 21:10 - 2004-08-11 18:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-04-04 21:10 - 2004-08-11 18:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-04-04 15:39 - 2013-01-27 18:01 - 000032654 ____C C:\WINDOWS\SchedLgU.Txt
2018-04-04 15:39 - 2006-07-22 00:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-04-04 15:39 - 2006-07-22 00:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-04-03 20:57 - 2006-07-22 22:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-04-03 00:10 - 2004-08-11 18:07 - 000539720 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-30 21:57 - 2004-08-11 18:00 - 000000227 _____ C:\WINDOWS\system.ini
2018-03-30 21:20 - 2013-02-09 17:50 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-03-30 15:37 - 2009-02-03 11:46 - 000000000 ___DC C:\WINDOWS\ERDNT
2018-03-13 11:55 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-03-13 10:51 - 2007-04-29 19:06 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\McAfee
2018-03-12 12:24 - 2006-06-29 15:05 - 000000000 ___DC C:\WINDOWS\system32\ReinstallBackups
2018-03-12 12:14 - 2004-08-11 18:02 - 000000000 __HDC C:\WINDOWS\inf
2018-03-12 12:12 - 2006-06-29 15:23 - 000000000 ___DC C:\Program Files\Intel
2018-03-12 09:28 - 2004-08-11 18:11 - 000000000 ___DC C:\WINDOWS\Registration
2018-03-12 09:10 - 2008-10-24 21:36 - 000000000 ___DC C:\Program Files\Microsoft SQL Server
2018-03-12 08:41 - 2004-08-11 18:02 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2018-03-12 08:35 - 2006-06-29 15:21 - 000000000 ___DC C:\Program Files\Dell
2018-03-12 08:31 - 2018-02-05 18:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2018-03-12 07:46 - 2018-02-04 23:45 - 001763328 _____ (Farbar) C:\Documents and Settings\Philip\Desktop\FRST.exe
2018-03-12 07:37 - 2017-01-08 21:31 - 000000792 ____C C:\Documents and Settings\Philip\Start Menu\Programs\Windows Media Player.lnk
2018-03-12 07:37 - 2008-10-24 17:23 - 000000000 ___DC C:\Program Files\Windows Desktop Search
2018-03-12 07:37 - 2004-08-11 18:00 - 000000765 ____C C:\WINDOWS\win.ini
2018-03-11 21:16 - 2016-12-28 22:16 - 000000000 ___DC C:\Program Files\LockHunter
2018-03-11 21:08 - 2006-06-29 15:21 - 000000000 __HDC C:\Program Files\InstallShield Installation Information
2018-03-11 21:03 - 2006-07-29 09:44 - 000000000 ___DC C:\Program Files\Windows Media Connect 2
2018-03-11 21:03 - 2004-08-11 18:02 - 000000000 ___DC C:\WINDOWS\Help
2018-03-11 21:00 - 2018-01-18 19:28 - 000000000 ___DC C:\Program Files\Belarc
2018-03-11 20:59 - 2013-11-01 15:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2018-03-11 20:59 - 2013-11-01 15:29 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2018-03-11 20:18 - 2004-08-11 18:00 - 000000211 ___SH C:\boot.ini
2018-03-11 11:35 - 2009-02-05 10:15 - 000000000 ___DC C:\WINDOWS\pss
2018-03-10 22:26 - 2004-08-11 18:06 - 000000000 ____D C:\Documents and Settings\All Users
2018-03-10 20:14 - 2014-03-01 10:48 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Skype
2018-03-10 20:13 - 2007-06-04 22:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2018-03-10 20:06 - 2016-08-04 22:02 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2018-03-09 00:29 - 2004-08-11 18:02 - 000000000 ___DC C:\WINDOWS\security
2018-03-08 23:42 - 2006-06-29 15:16 - 000000000 ___DC C:\Program Files\Common Files\Java
2018-03-08 22:10 - 2010-11-20 20:25 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\PCDr
2018-03-08 10:33 - 2011-02-20 20:34 - 000001324 ____C C:\WINDOWS\system32\d3d9caps.dat
2018-03-08 01:27 - 2004-08-11 18:20 - 000000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini

==================== Files in the root of some directories =======

2006-07-22 05:46 - 2000-03-14 01:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 20:20 - 2008-10-27 20:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 17:42 - 2009-01-28 21:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 17:18 - 2015-02-22 16:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 19:38 - 2010-03-30 19:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 21:30 - 2006-07-24 21:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 10:18 - 2007-11-29 10:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 18:19 - 2017-01-02 22:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 21:16 - 2012-08-28 21:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 17:52 - 2009-04-20 18:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 15:21 - 2006-06-29 15:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (04-04-2018 21:23:26)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - Genesis Mobile)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.7.3 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.7.3 ESR (x86 en-GB)) (Version: 52.7.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.3.6655 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version:  - )
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem  (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system  (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc  (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA  (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394  (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-03-30] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-03-07 13:45 - 2018-03-07 13:45 - 000287960 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000280280 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-04-04 15:15 - 2018-04-04 15:15 - 005810832 ____C () C:\Program Files\AVAST Software\Avast\defs\18040406\algo.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000756952 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-03-07 13:44 - 2018-03-07 13:44 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000964824 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000475352 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2018-04-04 21:17 - 2018-04-04 21:17 - 005810832 ____C () C:\Program Files\AVAST Software\Avast\defs\18040408\algo.dll
2017-11-27 16:03 - 2018-01-14 21:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-12-15 17:17 - 2008-12-15 17:17 - 000126976 _____ () C:\WINDOWS\system32\UAService7.exe
2018-03-07 13:45 - 2018-03-07 13:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2018-03-07 13:44 - 2018-03-07 13:44 - 000618200 ____C () c:\Program Files\avast software\avast\vaarclient.dll
2004-08-11 18:00 - 2013-01-02 08:49 - 001292288 ____C () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 5486 more sites.

There are 4143 more sites.

There are 4143 more sites.

There are 10342 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 18:00 - 2018-03-30 20:34 - 000000027 ____C C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

==================== Restore Points =========================

30-03-2018 15:05:20 Software Distribution Service 3.0
03-04-2018 00:39:56 System Checkpoint
03-04-2018 19:57:07 Installed User Profile Hive Cleanup Service

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {9B21FD3A-B1AB-4EB9-956F-E56ACFE78BCE}
Manufacturer: Toshiba
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/04/2018 03:10:59 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/03/2018 07:44:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (04/03/2018 08:26:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (04/03/2018 07:31:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (04/03/2018 01:08:31 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.104 for the Network Card with network address 0013028835CC has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/03/2018 12:05:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 83%
Total physical RAM: 1014.37 MB
Available physical RAM: 168.15 MB
Total Virtual: 2440.37 MB
Available Virtual: 1610.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:27.17 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================



#102
RKinner


Uninstall IPV6:

https://malwaretips....windows-xp.413/

Get deldomains.inf from http://www.deldomains.com/

Save it and then right click and Install. On my Win 10 it insists on tacking on a .txt to the file name so you may need to right click and rename it if you don't get the install option.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

Run VEW again as before and post both logs.



#103
PhilipW97


Good evening Ron,

Before the logs, which look remarkably clean, I should tell you that on both reboots the process hung on the Windows XP splash screen and I had to force the shut down and then perform a normal boot.

Here are the logs:

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 05/04/2018 21:32:21

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 05/04/2018 21:33:45

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards,

Philip



#104
RKinner


OK.  Let's look at the FRST scan with Addition.txt checked.  Post both logs.



#105
PhilipW97


OK here they are:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11.03.2018 01
Ran by Philip (administrator) on ENILLION (06-04-2018 16:59:43)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
() C:\WINDOWS\system32\UAService7.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(AVAST Software) C:\Program Files\avast software\avast\setup\instup.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-07] (AVAST Software)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [138008 2007-03-30] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [162584 2007-03-30] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
SecurityProviders:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078 [2018-04-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-07] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-07] (AVAST Software)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
S4 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2018-01-28] (Malwarebytes)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S4 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S4 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S4 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S4 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S4 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S4 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S4 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S4 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S4 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S4 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S4 UIUSys; no ImagePath
S4 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-04 12:53 - 2018-04-04 12:53 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\CrystalIdea Software
2018-04-03 21:13 - 2018-04-03 21:13 - 000000716 _____ C:\Documents and Settings\Philip\Desktop\SearchReg.txt
2018-04-03 20:50 - 2018-04-03 20:50 - 000000000 _____ C:\WINDOWS\system32\default_user_class.dat
2018-04-03 19:57 - 2018-04-03 19:57 - 000000000 ___DC C:\Program Files\UPHClean
2018-04-03 00:08 - 2018-04-05 21:33 - 000000356 _____ C:\VEW.txt
2018-04-02 22:38 - 2018-04-02 22:38 - 000061440 _____ ( ) C:\Documents and Settings\Philip\Desktop\VEW(1).exe
2018-03-30 22:01 - 2018-04-06 17:01 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\temp
2018-03-30 22:01 - 2018-04-05 21:19 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000012303 _____ C:\ComboFix.txt
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2018-03-30 14:54 - 2018-03-30 21:20 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-03-13 11:29 - 2011-06-26 08:45 - 000256000 ____C C:\WINDOWS\PEV.exe
2018-03-13 11:29 - 2010-11-07 19:20 - 000208896 ____C C:\WINDOWS\MBR.exe
2018-03-13 11:29 - 2009-04-20 06:56 - 000060416 ____C (NirSoft) C:\WINDOWS\NIRCMD.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000518144 ____C (SteelWerX) C:\WINDOWS\SWREG.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000406528 ____C (SteelWerX) C:\WINDOWS\SWSC.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000212480 ____C (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000098816 ____C C:\WINDOWS\sed.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000080412 ____C C:\WINDOWS\grep.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000068096 ____C C:\WINDOWS\zip.exe
2018-03-13 11:28 - 2018-03-30 22:01 - 000000000 ____D C:\Qoobox
2018-03-13 11:22 - 2018-03-30 15:07 - 005659794 ____R (Swearware) C:\Documents and Settings\Philip\Desktop\ComboFix.exe
2018-03-13 11:05 - 2018-03-13 11:05 - 001543360 _____ (COMODO) C:\Documents and Settings\Philip\Desktop\ciscleanuptool_x86.exe
2018-03-12 22:22 - 2018-03-12 22:22 - 003480040 _____ (McAfee, Inc.) C:\Documents and Settings\Philip\Desktop\MCPR.exe
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\NetworkService\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Default User\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Intel
2018-03-12 12:13 - 2018-03-12 12:23 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
2018-03-12 12:13 - 2010-10-07 05:11 - 006609920 ____C (Intel Corporation) C:\WINDOWS\system32\Drivers\NETwLx32.sys
2018-03-12 12:13 - 2010-02-24 17:39 - 000675840 ____C (Intel Corporation) C:\WINDOWS\system32\NETwLc32.dll
2018-03-12 12:13 - 2010-02-24 17:37 - 002756608 ____C (Intel Corporation) C:\WINDOWS\system32\NETwLr32.dll
2018-03-12 12:12 - 2018-03-12 12:12 - 000000000 ___DC C:\Program Files\Common Files\Intel
2018-03-12 08:41 - 2007-05-10 11:22 - 000405504 ____C (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
2018-03-12 08:40 - 2007-08-21 10:58 - 000146944 ____C (IDT, Inc.) C:\WINDOWS\system32\st325602.dll
2018-03-12 08:39 - 2018-03-12 08:39 - 000000000 ___DC C:\Program Files\Sigmatel
2018-03-12 08:39 - 2007-05-10 11:23 - 004952064 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stacgui.cpl
2018-03-12 08:39 - 2007-04-10 18:02 - 001601536 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stlang.dll
2018-03-12 07:58 - 2018-04-06 16:59 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-03-12 07:46 - 2018-03-30 21:30 - 000004411 _____ C:\Documents and Settings\Philip\Desktop\Fixlog.txt
2018-03-12 07:37 - 2018-03-12 07:37 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2018-03-12 07:37 - 2018-03-12 07:37 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2018-03-11 21:16 - 2018-03-11 21:16 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\LHService
2018-03-11 12:38 - 2018-03-12 07:46 - 000000000 ____D C:\Documents and Settings\Philip\Desktop\FRST-OlderVersion
2018-03-10 23:14 - 2018-03-10 23:58 - 000000000 ____D C:\Documents and Settings\Philip\My Documents\Old Firefox Data
2018-03-10 22:58 - 2018-03-10 22:58 - 000002821 _____ C:\Documents and Settings\Philip\Desktop\Hardware Interrupts and DPCs.txt
2018-03-10 22:53 - 2018-03-10 22:53 - 000002895 _____ C:\Documents and Settings\Philip\My Documents\Hardware Interrupts and DPCs.txt
2018-03-10 22:39 - 2018-04-04 21:28 - 000033257 _____ C:\Documents and Settings\Philip\Desktop\Addition.txt
2018-03-10 22:36 - 2018-04-06 17:01 - 000017908 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-03-10 22:28 - 2018-03-10 22:28 - 000002105 _____ C:\Documents and Settings\Philip\Desktop\JRT.txt
2018-03-10 21:53 - 2018-03-10 21:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-03-10 21:52 - 2018-03-10 21:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-10 21:22 - 2018-03-10 21:22 - 000396616 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2018-03-10 20:52 - 2018-03-10 20:52 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\JRT.exe
2018-03-10 20:32 - 2018-03-10 20:34 - 000194863 _____ C:\Documents and Settings\Philip\Desktop\ENILLION.txt
2018-03-10 20:24 - 2018-03-10 20:24 - 006299336 _____ (Piriform Ltd) C:\Documents and Settings\Philip\Desktop\spsetup131.exe
2018-03-10 20:15 - 2018-03-10 20:15 - 000004562 _____ C:\junk.txt
2018-03-10 20:10 - 2018-03-10 21:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2018-03-10 20:06 - 2018-03-10 20:06 - 000004052 _____ C:\Documents and Settings\Philip\Desktop\System Idle Process.txt
2018-03-10 19:47 - 2018-03-10 19:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Philip\Desktop\procexp.exe
2018-03-07 13:49 - 2018-03-07 13:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-03-07 13:49 - 2018-03-07 13:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2018-03-07 13:47 - 2018-04-06 16:57 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-07 13:46 - 2018-03-07 13:45 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000205344 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-07 13:46 - 2018-03-07 13:45 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000783608 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000276688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000185432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000169536 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000157368 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-07 13:46 - 2018-03-07 13:44 - 000050336 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-07 13:45 - 2018-03-07 13:45 - 000319392 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-06 16:59 - 2018-02-05 00:00 - 000000000 ____D C:\FRST
2018-04-06 16:56 - 2004-08-11 18:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-04-06 16:56 - 2004-08-11 18:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-04-05 22:20 - 2013-01-27 18:01 - 000032654 ____C C:\WINDOWS\SchedLgU.Txt
2018-04-05 22:20 - 2006-07-22 00:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-04-05 22:20 - 2006-07-22 00:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-04-05 21:25 - 2006-07-22 22:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-04-04 12:52 - 2018-01-08 21:09 - 001682344 _____ (SpeedyFox) C:\Documents and Settings\Philip\Desktop\speedyfox.exe
2018-04-03 00:10 - 2004-08-11 18:07 - 000539720 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-30 21:57 - 2004-08-11 18:00 - 000000227 _____ C:\WINDOWS\system.ini
2018-03-30 21:20 - 2013-02-09 17:50 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-03-30 15:37 - 2009-02-03 11:46 - 000000000 ___DC C:\WINDOWS\ERDNT
2018-03-13 11:55 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-03-13 10:51 - 2007-04-29 19:06 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\McAfee
2018-03-12 12:24 - 2006-06-29 15:05 - 000000000 ___DC C:\WINDOWS\system32\ReinstallBackups
2018-03-12 12:14 - 2004-08-11 18:02 - 000000000 __HDC C:\WINDOWS\inf
2018-03-12 12:12 - 2006-06-29 15:23 - 000000000 ___DC C:\Program Files\Intel
2018-03-12 09:28 - 2004-08-11 18:11 - 000000000 ___DC C:\WINDOWS\Registration
2018-03-12 09:10 - 2008-10-24 21:36 - 000000000 ___DC C:\Program Files\Microsoft SQL Server
2018-03-12 08:41 - 2004-08-11 18:02 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2018-03-12 08:35 - 2006-06-29 15:21 - 000000000 ___DC C:\Program Files\Dell
2018-03-12 08:31 - 2018-02-05 18:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2018-03-12 07:46 - 2018-02-04 23:45 - 001763328 _____ (Farbar) C:\Documents and Settings\Philip\Desktop\FRST.exe
2018-03-12 07:37 - 2017-01-08 21:31 - 000000792 ____C C:\Documents and Settings\Philip\Start Menu\Programs\Windows Media Player.lnk
2018-03-12 07:37 - 2008-10-24 17:23 - 000000000 ___DC C:\Program Files\Windows Desktop Search
2018-03-12 07:37 - 2004-08-11 18:00 - 000000765 ____C C:\WINDOWS\win.ini
2018-03-11 21:16 - 2016-12-28 22:16 - 000000000 ___DC C:\Program Files\LockHunter
2018-03-11 21:08 - 2006-06-29 15:21 - 000000000 __HDC C:\Program Files\InstallShield Installation Information
2018-03-11 21:03 - 2006-07-29 09:44 - 000000000 ___DC C:\Program Files\Windows Media Connect 2
2018-03-11 21:03 - 2004-08-11 18:02 - 000000000 ___DC C:\WINDOWS\Help
2018-03-11 21:00 - 2018-01-18 19:28 - 000000000 ___DC C:\Program Files\Belarc
2018-03-11 20:59 - 2013-11-01 15:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2018-03-11 20:59 - 2013-11-01 15:29 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2018-03-11 20:18 - 2004-08-11 18:00 - 000000211 ___SH C:\boot.ini
2018-03-11 11:35 - 2009-02-05 10:15 - 000000000 ___DC C:\WINDOWS\pss
2018-03-10 22:26 - 2004-08-11 18:06 - 000000000 ____D C:\Documents and Settings\All Users
2018-03-10 20:14 - 2014-03-01 10:48 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Skype
2018-03-10 20:13 - 2007-06-04 22:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2018-03-10 20:06 - 2016-08-04 22:02 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2018-03-09 00:29 - 2004-08-11 18:02 - 000000000 ___DC C:\WINDOWS\security
2018-03-08 23:42 - 2006-06-29 15:16 - 000000000 ___DC C:\Program Files\Common Files\Java
2018-03-08 22:10 - 2010-11-20 20:25 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\PCDr
2018-03-08 10:33 - 2011-02-20 20:34 - 000001324 ____C C:\WINDOWS\system32\d3d9caps.dat
2018-03-08 01:27 - 2004-08-11 18:20 - 000000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini

==================== Files in the root of some directories =======

2006-07-22 05:46 - 2000-03-14 01:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 20:20 - 2008-10-27 20:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 17:42 - 2009-01-28 21:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 17:18 - 2015-02-22 16:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 19:38 - 2010-03-30 19:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 21:30 - 2006-07-24 21:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 10:18 - 2007-11-29 10:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 18:19 - 2017-01-02 22:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 21:16 - 2012-08-28 21:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 17:52 - 2009-04-20 18:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 15:21 - 2006-06-29 15:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11.03.2018 01
Ran by Philip (06-04-2018 17:02:14)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - Genesis Mobile)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.7.3 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.7.3 ESR (x86 en-GB)) (Version: 52.7.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.3.6655 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version:  - )
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem  (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system  (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc  (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA  (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394  (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-03-30] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-03-07 13:45 - 2018-03-07 13:45 - 000287960 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000280280 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-04-05 20:44 - 2018-04-05 20:44 - 005813392 ____C () C:\Program Files\AVAST Software\Avast\defs\18040510\algo.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000756952 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-03-07 13:44 - 2018-03-07 13:44 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000964824 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 000475352 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2017-11-27 16:03 - 2018-01-14 21:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-12-15 17:17 - 2008-12-15 17:17 - 000126976 _____ () C:\WINDOWS\system32\UAService7.exe
2018-03-07 13:45 - 2018-03-07 13:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2018-03-07 13:44 - 2018-03-07 13:44 - 000618200 ____C () c:\Program Files\avast software\avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 18:00 - 2018-03-30 20:34 - 000000027 ____C C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

==================== Restore Points =========================

03-04-2018 00:39:56 System Checkpoint
03-04-2018 19:57:07 Installed User Profile Hive Cleanup Service
05-04-2018 21:16:08 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {9B21FD3A-B1AB-4EB9-956F-E56ACFE78BCE}
Manufacturer: Toshiba
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 72%
Total physical RAM: 1014.37 MB
Available physical RAM: 276.53 MB
Total Virtual: 2440.37 MB
Available Virtual: 1862.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:27.48 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================

 

Philip

