
I cannot complete Installation of a Program - Error 1632



#121
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

What does oem63.inf say?

What happens if you open regedit, go to

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001]

right-click and delete. Then reboot? Do you still have two video adapters in Device Manager?


  • 0
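A check worth running before the delete suggested in the post above, as an added example that is not part of the original thread: list each numbered driver instance under the Display class key with the INF it was installed from, then export the `0001` instance so it can be restored. It assumes PowerShell 3.0 or later in an elevated session; `C:\RegBackup` is a hypothetical backup folder, and the script itself deletes nothing.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+ run as Administrator.
$ClassKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}'
$Instance  = '0001'            # instance key named in the post
$InfName   = 'oem63.inf'       # INF asked about in the post
$BackupDir = 'C:\RegBackup'    # hypothetical backup folder

# Enumerate the numbered driver instances (0000, 0001, ...) of the Display class.
# Subkeys that cannot be opened (for example "Properties") are skipped.
$instances = Get-ChildItem -LiteralPath $ClassKey -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d{4}$' } |
    ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        [pscustomobject]@{
            Instance         = $_.PSChildName
            DriverDesc       = $p.DriverDesc
            InfPath          = $p.InfPath
            MatchingDeviceId = $p.MatchingDeviceId
            DriverVersion    = $p.DriverVersion
            UsesInf          = ($p.InfPath -eq $InfName)   # -eq is case-insensitive
        }
    }
$instances | Format-Table -AutoSize

# Refuse to continue if the instance to be deleted is not there.
$target = "$ClassKey\$Instance"
if (-not (Test-Path -LiteralPath $target)) {
    throw "Instance key $Instance not found under the Display class key."
}

# Export the instance to a timestamped .reg file; importing that file restores the key.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$regPath = $target -replace '^HKLM:\\', 'HKEY_LOCAL_MACHINE\'
$file    = Join-Path $BackupDir ('display-class-{0}-{1:yyyyMMdd-HHmmss}.reg' -f $Instance, (Get-Date))
& reg.exe export $regPath $file
if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }

# Report what the backup contains so the right instance is removed afterwards.
$row = $instances | Where-Object { $_.Instance -eq $Instance }
"Backed up $regPath to $file"
"Instance $Instance -> $($row.DriverDesc) [$($row.InfPath)], device $($row.MatchingDeviceId)"
```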



#122
PhilipW97


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

oem63.inf says:

 

;=============================================================================
;
; Copyright © Intel Corporation (2005).
;
; INTEL MAKES NO WARRANTY OF ANY KIND REGARDING THE CODE.  THIS CODE IS
; LICENSED ON AN "AS IS" BASIS AND INTEL WILL NOT PROVIDE ANY SUPPORT,
; ASSISTANCE, INSTALLATION, TRAINING OR OTHER SERVICES.  INTEL DOES NOT
; PROVIDE ANY UPDATES, ENHANCEMENTS OR EXTENSIONS.  INTEL SPECIFICALLY
; DISCLAIMS ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY
; PARTICULAR PURPOSE, OR ANY OTHER WARRANTY.  Intel disclaims all liability,
; including liability for infringement of any proprietary rights, relating to
; use of the code. No license, express or implied, by estoppel or otherwise,
; to any intellectual property rights is granted herein.
;
;=============================================================================

; Installation inf for the Intel Corporation graphics adapter.

[Version]
Signature="$WINDOWS NT$"
Provider=%Intel%
ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}
Class=Display
CatalogFile=igfxnt5.cat

DriverVer=12/13/2005,6.14.10.4446

[DestinationDirs]
DefaultDestDir   = 11
ialm.Miniport  = 12  ; drivers
ialm.Display   = 11  ; system32
Copp.Copy   = 11  ; system32
CUI.Copy = 11
Uninstall_Copy = 11

OpenGL.Copy    = 11  ; OpenGL Drivers in System32

;
; Driver information
;

[Manufacturer]
%Intel%   = Intel.Mfg

[Intel.Mfg]
%iCLGD0% = i945GM0, PCI\VEN_8086&DEV_27A2&SUBSYS_01C21028
%iCLGD1% = i945GM1, PCI\VEN_8086&DEV_27A6&SUBSYS_01C21028
%iCLGD0% = i945GM0, PCI\VEN_8086&DEV_27A2&SUBSYS_01BD1028
%iCLGD1% = i945GM1, PCI\VEN_8086&DEV_27A6&SUBSYS_01BD1028
%iCLGD0% = i945GM0, PCI\VEN_8086&DEV_27A2&SUBSYS_01CC1028
%iCLGD1% = i945GM1, PCI\VEN_8086&DEV_27A6&SUBSYS_01CC1028
%iCLGD0% = i945GM0, PCI\VEN_8086&DEV_27A2&SUBSYS_01CD1028
%iCLGD1% = i945GM1, PCI\VEN_8086&DEV_27A6&SUBSYS_01CD1028
%iCLGD0% = i945GM0, PCI\VEN_8086&DEV_27A2&SUBSYS_01D81028
%iCLGD1% = i945GM1, PCI\VEN_8086&DEV_27A6&SUBSYS_01D81028
%iCLGD0% = i945GM0, PCI\VEN_8086&DEV_27A2&SUBSYS_01D71028
%iCLGD1% = i945GM1, PCI\VEN_8086&DEV_27A6&SUBSYS_01D71028
%iCLGD0% = i945GM0, PCI\VEN_8086&DEV_27A2&SUBSYS_01D61028
%iCLGD1% = i945GM1, PCI\VEN_8086&DEV_27A6&SUBSYS_01D61028
%iCLGD0% = i945GM0, PCI\VEN_8086&DEV_27A2&SUBSYS_01D41028
%iCLGD1% = i945GM1, PCI\VEN_8086&DEV_27A6&SUBSYS_01D41028

;
; General installation section
;

[i945GM0]
DelFiles=CUI.DelFiles, CUISDK.DelFiles
CopyFiles=ialm.Miniport, ialm.Display, Copp.Copy, CUI.Copy,Resource.Copy,CUISDK.Copy,Uninstall_Copy , OpenGL.Copy
AddReg = Driver.AddReg, CUI.AddReg,Uninstall945GM0_AddReg , OpenGL.AddReg ,Rotation.AddReg, Decode.AddReg, CUISDK.AddReg
DelReg =  PC.DelReg, Driver.DelReg, CUI.DelReg  ,Rotation.DelReg, Decode.DelReg, CUISDK.DelReg
;InstallINF = 0

DriverVer=12/13/2005,6.14.10.4446

[i945GM1]
DelFiles=CUI.DelFiles, CUISDK.DelFiles
CopyFiles=ialm.Miniport, ialm.Display, Copp.Copy, CUI.Copy,Resource.Copy,CUISDK.Copy,Uninstall_Copy , OpenGL.Copy
AddReg = Driver.AddReg, CUI.AddReg,Uninstall945GM1_AddReg , OpenGL.AddReg ,Rotation.AddReg, Decode.AddReg, CUISDK.AddReg
DelReg =  PC.DelReg, Driver.DelReg, CUI.DelReg  ,Rotation.DelReg, Decode.DelReg, CUISDK.DelReg
;InstallINF = 0

DriverVer=12/13/2005,6.14.10.4446

[i945GM0.CoInstallers]
AddReg = iAlmCoInst.AddReg
CopyFiles = iAlmCoInst.CopyFiles

[i945GM1.CoInstallers]
AddReg = iAlmCoInst.AddReg
CopyFiles = iAlmCoInst.CopyFiles

[iAlmCoInst.AddReg]

HKR,,CoInstallers32,0x10000,"iAlmCoIn_v4446.dll,iAlmMFCoInstaller"

[Rotation.AddReg]

[Rotation.DelReg]
HKLM, System\CurrentControlSet\Services\ialm\Device0, Display1_EnableRotation

[iAlmCoInst.CopyFiles]

iAlmCoIn_v4446.dll,iAlmCoIn.dll,,0x00000010

;
; File sections
;
[ialm.Miniport]
ialmnt5.sys

[ialm.Display]
ialmrnt5.dll
ialmdnt5.dll
ialmdev5.dll
ialmdd5.dll

[OpenGL.Copy]
iglicd32.dll
igldev32.dll

[UDlg.Copy]
ialmudlg.exe
ialmuARA.dll
ialmuARB.dll
ialmuCHS.dll
ialmuCHT.dll
ialmuCSY.dll
ialmuDAN.dll
ialmuDEU.dll
ialmuELL.dll
ialmuENG.dll
ialmuESP.dll
ialmuFIN.dll
ialmuFRA.dll
ialmuFRC.dll
ialmuHEB.dll
ialmuHUN.dll
ialmuITA.dll
ialmuJPN.dll
ialmuKOR.dll
ialmuNLD.dll
ialmuNOR.dll
ialmuPLK.dll
ialmuPTB.dll
ialmuPTG.dll
ialmuRUS.dll
ialmuSVE.dll
ialmuTHA.dll
ialmuTRK.dll

[Copp.Copy]
igxpxa32.cpa
igxpxa32.vp
igxpxk32.vp
igxpxs32.vp

[Uninstall_Copy]
ialmrem.dll

[CUI.DelFiles]
igfxres.dll,,,1
igfx.hlp,,,1
igfxdiag.exe,,,1
igfxdgps.dll,,,1
igfxhk.dll,,,1
igfxeud.dll,,,1

[OEM.Copy]
oemdspif.dll    

[CUI.Copy]
hccutils.dll
igfxsrvc.dll
igfxsrvc.exe
igfxpph.dll
igfxcpl.cpl
igfxcfg.exe
igfxdev.dll
igfxdo.dll

igfxtray.exe
igfxzoom.exe
hkcmd.exe
igfxress.dll         ; Generic language resource file
igfxpers.exe

[Resource.Copy]
igfxrara.lrc    ; Arabic language resource file
igfxrchs.lrc    ; Simplified Chinese language resource file
igfxrcht.lrc    ; Traiditional Chinese language resource file
igfxrdan.lrc    ; Danish language resource file
igfxrdeu.lrc    ; German language resource file
igfxrenu.lrc    ; American English language resource file
igfxresp.lrc    ; Spanish language resource file
igfxrfin.lrc    ; Finish language resource file
igfxrfra.lrc    ; French language resource file
igfxrheb.lrc    ; Hebrew Language Resource file
igfxrita.lrc    ; Italian language resource file
igfxrjpn.lrc    ; Japanese language resource file
igfxrkor.lrc    ; Korean language resource file
igfxrnld.lrc    ; Netherland language resource file
igfxrnor.lrc    ; Norwegian language resource file
igfxrplk.lrc    ; Polish language resource file
igfxrptb.lrc    ; Brazilian Portugese language resource file
igfxrptg.lrc    ; Portugese language resource file
igfxrrus.lrc    ; Russian language resource file
igfxrsve.lrc    ; Sweedish language resource file
igfxrtha.lrc    ; Thai language resource file
igfxrcsy.lrc    ; Czechoslovakian language resource file
igfxrell.lrc    ; Greek language resource file
igfxrhun.lrc    ; Hungarian language resource file
igfxrtrk.lrc    ; Turkish language resource file

[CUI.DelReg]
HKLM,%CUIDeviceIndependentKey%
HKLM,%DisplayKey%
; Delete old style cui/driver share key
HKLM,%CUIDriverOldShareKey%
; Delete old style cui keys which are device dependent
HKLM,Software\INTEL\igfxcui
HKR,igfxdiag
HKR,igfxeud
HKR,igfxcfg
HKR,igfxcpl
HKR,igfxpph
HKR,igfxsrvc
HKR,igfxhk
HKR,hkcmd
HKR,igfxtray
HKR,shellex\PropertySheetHandlers
;
; Delete the CUI registry entry which registers for winlogon events
;
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui"

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;CUIService

HKCR,"igfx.CUIService\CLSID"
HKCR,"igfx.CUIService\CurVer"
HKCR,"igfx.CUIService"
HKCR,"igfx.CUIService.1\CLSID"
HKCR,"igfx.CUIService.1"
HKCR,"CLSID\{0F195FA1-CCF0-11D2-8B20-00A0C93CB1F4}\InProcServer32\ThreadingModel"
HKCR,"CLSID\{0F195FA1-CCF0-11D2-8B20-00A0C93CB1F4}\InProcServer32"
HKCR,"CLSID\{0F195FA1-CCF0-11D2-8B20-00A0C93CB1F4}\ProgID"
HKCR,"CLSID\{0F195FA1-CCF0-11D2-8B20-00A0C93CB1F4}\Programmable"
HKCR,"CLSID\{0F195FA1-CCF0-11D2-8B20-00A0C93CB1F4}\VersionIndependentProgID"
HKCR,"CLSID\{0F195FA1-CCF0-11D2-8B20-00A0C93CB1F4}"

;CUITestConfig

HKCR,"igfx.CUITestConfig\CLSID"
HKCR,"igfx.CUITestConfig\CurVer"
HKCR,"igfx.CUITestConfig"
HKCR,"igfx.CUITestConfig.1\CLSID"
HKCR,"igfx.CUITestConfig.1"
HKCR,"CLSID\{97DC3661-693D-11d4-B561-00A0C92E6848}\InProcServer32\ThreadingModel"
HKCR,"CLSID\{97DC3661-693D-11d4-B561-00A0C92E6848}\InProcServer32"
HKCR,"CLSID\{97DC3661-693D-11d4-B561-00A0C92E6848}\ProgID"
HKCR,"CLSID\{97DC3661-693D-11d4-B561-00A0C92E6848}\Programmable"
HKCR,"CLSID\{97DC3661-693D-11d4-B561-00A0C92E6848}\VersionIndependentProgID"
HKCR,"CLSID\{97DC3661-693D-11d4-B561-00A0C92E6848}"

;igfxeud.EndUserShellExt

HKCR,"igfxeud.EndUserShellExt\CLSID"
HKCR,"igfxeud.EndUserShellExt\CurVer"
HKCR,"igfxeud.EndUserShellExt"
HKCR,"igfxeud.EndUserShellExt.1"
HKCR,"igfxeud.EndUserShellExt.1\CLSID"
HKCR,"CLSID\{3AB167A5-CCFF-11D2-8B20-00A0C93CB1F4}\InProcServer32\ThreadingModel"
HKCR,"CLSID\{3AB167A5-CCFF-11D2-8B20-00A0C93CB1F4}\InProcServer32"
HKCR,"CLSID\{3AB167A5-CCFF-11D2-8B20-00A0C93CB1F4}\ProgID"
HKCR,"CLSID\{3AB167A5-CCFF-11D2-8B20-00A0C93CB1F4}\Programmable"
HKCR,"CLSID\{3AB167A5-CCFF-11D2-8B20-00A0C93CB1F4}\VersionIndependentProgID"
HKCR,"CLSID\{3AB167A5-CCFF-11D2-8B20-00A0C93CB1F4}"

;igfxdiag.DiagServices

HKCR,"igfx.DiagServices\CLSID"
HKCR,"igfx.DiagServices\CurVer"
HKCR,"igfx.DiagServices"
HKCR,"igfx.DiagServices.1\CLSID"
HKCR,"igfx.DiagServices.1"
HKCR,"CLSID\{0EF91A8E-03D5-11D3-B995-00A0C9AD54B5}\LocalServer32"
HKCR,"CLSID\{0EF91A8E-03D5-11D3-B995-00A0C9AD54B5}\ProgID"
HKCR,"CLSID\{0EF91A8E-03D5-11D3-B995-00A0C9AD54B5}\VersionIndependentProgID"
HKCR,"CLSID\{0EF91A8E-03D5-11D3-B995-00A0C9AD54B5}"

;igfxdiag.ICUIAGP

HKCR, "Interface\{E0BA4EE2-03D5-11d3-B995-00A0C9AD54B5}\NumMethods"
HKCR, "Interface\{E0BA4EE2-03D5-11d3-B995-00A0C9AD54B5}\ProxyStubClsid32"
HKCR, "Interface\{E0BA4EE2-03D5-11d3-B995-00A0C9AD54B5}"

;igfxdiag.ICUIDiagController

HKCR,"Interface\{48E57D01-53BD-11D3-8EE0-00A0C984F371}\NumMethods"
HKCR,"Interface\{48E57D01-53BD-11D3-8EE0-00A0C984F371}\ProxyStubClsid32"
HKCR,"Interface\{48E57D01-53BD-11D3-8EE0-00A0C984F371}"

;igfxdiag.ICUIDriverInfo

HKCR, "Interface\{C562A581-4989-11D3-8EE0-00A0C984F371}\ProxyStubClsid32"
HKCR, "Interface\{C562A581-4989-11D3-8EE0-00A0C984F371}\NumMethods"
HKCR, "Interface\{C562A581-4989-11D3-8EE0-00A0C984F371}"

;igfxdiag.ICUIMonitor

HKCR,"Interface\{E0BA4EE3-03D5-11D3-B995-00A0C9AD54B5}\NumMethods"
HKCR,"Interface\{E0BA4EE3-03D5-11D3-B995-00A0C9AD54B5}ProxyStubClsid32"
HKCR,"Interface\{E0BA4EE3-03D5-11D3-B995-00A0C9AD54B5}"

;igfxdiag.ICUIMonitor2

HKCR,"Interface\{7D8A8461-25C2-11D4-ACA5-00A0C9AD5629}\ProxyStubClsid32"
HKCR,"Interface\{7D8A8461-25C2-11D4-ACA5-00A0C9AD5629}\NumMethods"
HKCR,"Interface\{7D8A8461-25C2-11D4-ACA5-00A0C9AD5629}"

;igfxdiag.ICUIPCI

HKCR,"Interface\{E0BA4EE1-03D5-11D3-B995-00A0C9AD54B5}\NumMethods"
HKCR,"Interface\{E0BA4EE1-03D5-11D3-B995-00A0C9AD54B5}\ProxyStubClsid32"
HKCR,"Interface\{E0BA4EE1-03D5-11D3-B995-00A0C9AD54B5}"

;igfxdiag.ICUIReport

HKCR,"Interface\{E0BA4EE5-03D5-11D3-B995-00A0C9AD54B5}\NumMethods"
HKCR,"Interface\{E0BA4EE5-03D5-11D3-B995-00A0C9AD54B5}ProxyStubClsid32"
HKCR,"Interface\{E0BA4EE5-03D5-11D3-B995-00A0C9AD54B5}"

;igfxdiag.ICUITests

HKCR,"Interface\{E0BA4EE4-03D5-11D3-B995-00A0C9AD54B5}\NumMethods"
HKCR,"Interface\{E0BA4EE4-03D5-11D3-B995-00A0C9AD54B5}ProxyStubClsid32"
HKCR,"Interface\{E0BA4EE4-03D5-11D3-B995-00A0C9AD54B5}"

;igfxdiag.IDiagServices

HKCR,"Interface\{0EF91A8D-03D5-11D3-B995-00A0C9AD54B5}\NumMethods"
HKCR,"Interface\{0EF91A8D-03D5-11D3-B995-00A0C9AD54B5}\ProxyStubClsid32"
HKCR,"Interface\{0EF91A8D-03D5-11D3-B995-00A0C9AD54B5}"

;igfxdiag.IDiagServices2

HKCR,"Interface\{1D775861-25C6-11D4-ACA5-00A0C9AD5629}\NumMethods"
HKCR,"Interface\{1D775861-25C6-11D4-ACA5-00A0C9AD5629}\ProxyStubClsid32"
HKCR,"Interface\{1D775861-25C6-11D4-ACA5-00A0C9AD5629}"

;igfxhk.Hotkey

HKCR,"igfxhk.HotKey\CLSID"
HKCR,"igfxhk.HotKey\CurVer"
HKCR,"igfxhk.HotKey"
HKCR,"igfxhk.HotKey.1\CLSID"
HKCR,"igfxhk.HotKey.1"
HKCR,"CLSID\{235CC099-CFB4-44D9-8228-270FEE479D8A}\InProcServer32\ThreadingModel"
HKCR,"CLSID\{235CC099-CFB4-44D9-8228-270FEE479D8A}\InProcServer32"
HKCR,"CLSID\{235CC099-CFB4-44D9-8228-270FEE479D8A}\ProgID"
HKCR,"CLSID\{235CC099-CFB4-44D9-8228-270FEE479D8A}\VersionIndependentProgID"
HKCR,"CLSID\{235CC099-CFB4-44D9-8228-270FEE479D8A}"

;igfxdgps.dll entry

HKCR,"CLSID\{48E57D01-53BD-11D3-8EE0-00A0C984F371}\InProcServer32\ThreadingModel"
HKCR,"CLSID\{48E57D01-53BD-11D3-8EE0-00A0C984F371}\InProcServer32"
HKCR,"CLSID\{48E57D01-53BD-11D3-8EE0-00A0C984F371}"

;Remove HKLM\Software\Microsoft\Windows\Currentversion\Run CUI entries
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run","HotKeysCmds"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Persistence"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run","igfxtray"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run","igfxhkcmd"
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run","igfxpers"

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;
; Service Installation
;

[i945GM0.Services]
AddService = ialm, 0x00000002, ialm_Service_Inst, ialm_EventLog_Inst

[i945GM1.Services]
AddService = ialm, 0x00000002, ialm_Service_Inst, ialm_EventLog_Inst

[ialm_Service_Inst]
ServiceType    = 1               ; SERVICE_KERNEL_DRIVER
StartType      = 3               ; SERVICE_DEMAND_START
ErrorControl   = 0                ; SERVICE_ERROR_IGNORE
LoadOrderGroup = Video
ServiceBinary  = %12%\ialmnt5.sys

[ialm_EventLog_Inst]
AddReg = ialm_EventLog_AddReg

[ialm_EventLog_AddReg]
HKR,,EventMessageFile,0x00020000,"%SystemRoot%"\System32\IoLogMsg.dll;%SystemRoot%"\System32\drivers\ialmnt5.sys"
HKR,,TypesSupported,0x00010001,7

;
; Software Installation
;

[i945GM0.SoftwareSettings]
AddReg = i945GM_SoftwareDeviceSettings
AddReg = Rotation_AddSwSettings
DelReg = Rotation_DelSwSettings
AddReg = OpenGL_AddSwSettings
DelReg = OpenGL_DelSwSettings
AddReg = PwrCons_AddSwSettings
DelReg = PwrCons_DelSwSettings
AddReg = IntTvOut_AddSwSettings
DelReg = IntTvOut_DelSwSettings
AddReg = General_AddSwSettings
DelReg = General_DelSwSettings
AddReg = PERF_AddSwSettings
DelReg = PERF_DelSwSettings

[i945GM1.SoftwareSettings]
AddReg =i945GM_SoftwareDeviceSettings
AddReg = Rotation_AddSwSettings
DelReg = Rotation_DelSwSettings
AddReg = OpenGL_AddSwSettings
DelReg = OpenGL_DelSwSettings
AddReg = PwrCons_AddSwSettings
DelReg = PwrCons_DelSwSettings
AddReg = IntTvOut_AddSwSettings
DelReg = IntTvOut_DelSwSettings
AddReg = General_AddSwSettings
DelReg = General_DelSwSettings
AddReg = PERF_AddSwSettings
DelReg = PERF_DelSwSettings

[PwrCons_AddSwSettings]
HKR,, FeatureTestControl,%REG_DWORD%, 0x6 ; Disables FBC and DFGT

[PwrCons_DelSwSettings]
HKR,, FeatureTestControl

[PERF_AddSwSettings]
HKR,, LogResumeTime,%REG_DWORD%, 0 ; Enables or Disables Resume analysis,  0 - disable 1 - enable
HKR,, MaxRuns,%REG_DWORD%, 9 ; The maximum number of runs after which old resumeTime values over-written.

[PERF_DelSwSettings]
HKR,, LogResumeTime ; Enables or Disables Resume analysis
HKR,, MaxRuns ; The maximum number of runs after which old resumeTime values over-written.

[IntTvOut_AddSwSettings]
HKR,, Display1_DisableIntTvOut,%REG_DWORD%, 0  ; 1 - Disable and 0 - Enable

[IntTvOut_DelSwSettings]
HKR,, Display1_DisableIntTvOut

[General_AddSwSettings]
HKR,, Display1_EnableNoPruneFlag,%REG_DWORD%, 1  ; 1 - Enable and 0 - Disable

[General_DelSwSettings]
HKR,, Display1_EnableNoPruneFlag

[HotPlug_AddSwSettings]
HKR,, Display1_DVIHotPlugWAFlag,%REG_DWORD%, 0  ; 1 - Enable and 0 - Disable

[HotPlug_DelSwSettings]
HKR,, Display1_DVIHotPlugWAFlag

[Rotation_AddSwSettings]

HKR,, Display1_RotationCaps,%REG_DWORD%, 7  ; Portrait, Inverted LandScape, Inverted Portrait
HKR,, Display2_RotationCaps,%REG_DWORD%, 7  ; Portrait, Inverted LandScape, Inverted Portrait
HKR,, Display1_RotationPolicy,%REG_DWORD%, 0  ; default policy
HKR,, Display2_RotationPolicy,%REG_DWORD%, 0  ; default policy
HKR,, Display1_RotationConfig,%REG_DWORD%, 0  ; default configuration
HKR,, Display2_RotationConfig,%REG_DWORD%, 0  ; default configuration

[Rotation_DelSwSettings]
HKR,, Display1_RotationCaps
HKR,, Display2_RotationCaps
HKR,, Display1_RotationPolicy
HKR,, Display2_RotationPolicy

[OpenGL_AddSwSettings]

HKR,, OpenGLInstalled,%REG_DWORD%, 1  ; Open GL drivers installed

[OpenGL_DelSwSettings]
HKR,, OpenGLInstalled

[i945GM_SoftwareDeviceSettings]
HKR,, InstalledDisplayDrivers,     %REG_MULTI_SZ%, ialmrnt5
HKR,, VgaCompatible,                 %REG_DWORD%,    0
;Enable Multifunction support
HKR,,MultifunctionSupported, %REG_DWORD%, 1
HKR,,NativeResolution, %REG_DWORD%, 1
HKR,,NativeBPP, %REG_DWORD%, 1
HKR,,ConfigID, %REG_DWORD%, 0

[i945GM0.GeneralConfigData]
MaximumNumberOfDevices = 2
MaximumDeviceMemoryConfiguration = 256

[i945GM1.GeneralConfigData]
MaximumNumberOfDevices = 2
MaximumDeviceMemoryConfiguration = 256

[OpenGL.AddReg]
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\Intel","dll",%REG_SZ%,"iglicd32"
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\Intel","Version",%REG_DWORD%,0x2
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\Intel","DriverVersion",%REG_DWORD%,0x1
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\Intel","Flags",%REG_DWORD%,0x3

[Decode.AddReg]
HKLM,"Software\Intel\Intel Graphics Accelerator\DXVA","SupportedDecodeMode",%REG_DWORD%,0x0; disabling VLD

[Decode.DelReg]
HKLM,"Software\Intel\Intel Graphics Accelerator"

[Sprite.AddReg]
HKLM,"Software\INTEL\Display","Sprite",%REG_DWORD%,0x1

;
; Source file information
;

[SourceDisksNames.x86]
1 = %DiskId%,,,""

[SourceDisksFiles]
ialmnt5.sys  = 1
iAlmCoIn.dll = 1

ialmrnt5.dll = 1

ialmdnt5.dll = 1
ialmdev5.dll = 1
ialmdd5.dll   = 1
iglicd32.dll = 1
igldev32.dll = 1

igxpxa32.cpa = 1
igxpxa32.vp  = 1
igxpxk32.vp  = 1
igxpxs32.vp  = 1

ialmrem.dll = 1
igfxress.dll=1    ; Generic language resource file
igfxrenu.lrc=1  ; American English language resource file
igfxrara.lrc=1    ; Arabic language resource file
igfxrchs.lrc=1  ; Simplified Chinese language resource file
igfxrcht.lrc=1  ; Traditional Chinese language resource file
igfxrdan.lrc=1  ; Danish language resource file
igfxrdeu.lrc=1  ; German language resource file
igfxresp.lrc=1  ; Spanish language resource file
igfxrfin.lrc=1  ; Finish language resource file
igfxrfra.lrc=1  ; French language resource file
igfxrheb.lrc=1    ; Hebrew Language Resource file
igfxrita.lrc=1  ; Italian language resource file
igfxrjpn.lrc=1  ; Japanese language resource file
igfxrkor.lrc=1  ; Korean language resource file
igfxrnld.lrc=1  ; Netherlands language resource file
igfxrnor.lrc=1  ; Norwegian language resource file
igfxrplk.lrc=1  ; Polish language resource file
igfxrptb.lrc=1  ; Brazilian Portugese language resource file
igfxrptg.lrc=1  ; Portugese language resource file
igfxrrus.lrc=1  ; Russian language resource file
igfxrsve.lrc=1  ; Sweedish language resource file
igfxrtha.lrc=1  ; Thai language resource file
igfxrcsy.lrc=1 ; Czechoslovakian language resource file
igfxrell.lrc=1 ; Greek language resource file
igfxrhun.lrc=1 ; Hungarian language resource file
igfxrtrk.lrc=1 ; Turkish language resource file
hccutils.dll=1
igfxsrvc.dll=1
igfxsrvc.exe=1
igfxpph.dll=1
;igfxeud.dll=1
igfxcpl.cpl=1
igfxcfg.exe=1
;igfxdiag.exe=1
igfxdgps.dll=1
igfxdev.dll=1
igfxdo.dll=1
igfxtray.exe=1
igfxzoom.exe=1
hkcmd.exe=1
oemdspif.dll=1
igfxext.exe=1
igfxexps.dll=1
igfxpers.exe=1

ialmudlg.exe=1
ialmuARA.dll=1
ialmuARB.dll=1
ialmuCHS.dll=1
ialmuCHT.dll=1
ialmuCSY.dll=1
ialmuDAN.dll=1
ialmuDEU.dll=1
ialmuELL.dll=1
ialmuENG.dll=1
ialmuESP.dll=1
ialmuFIN.dll=1
ialmuFRA.dll=1
ialmuFRC.dll=1
ialmuHEB.dll=1
ialmuHUN.dll=1
ialmuITA.dll=1
ialmuJPN.dll=1
ialmuKOR.dll=1
ialmuNLD.dll=1
ialmuNOR.dll=1
ialmuPLK.dll=1
ialmuPTB.dll=1
ialmuPTG.dll=1
ialmuRUS.dll=1
ialmuSVE.dll=1
ialmuTHA.dll=1
ialmuTRK.dll=1

;ialmnt5.cat

[Driver.AddReg]
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "EDIDDefaultXX",%REG_DWORD%,0x400
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "EDIDDefaultYY",%REG_DWORD%,0x300
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "EDIDDefaultRR",%REG_DWORD%,0x3c
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "EDIDDefaultBPP",%REG_DWORD%,0x20

HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "LegacyDefaultXX",%REG_DWORD%,0x400
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "LegacyDefaultYY",%REG_DWORD%,0x300
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "LegacyDefaultRR",%REG_DWORD%,0x3c
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "LegacyDefaultBPP",%REG_DWORD%,0x20

[Driver.DelReg]
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "EDIDDefaultXX"
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "EDIDDefaultYY"
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "EDIDDefaultRR"
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "EDIDDefaultBPP"

HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "LegacyDefaultXX"
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "LegacyDefaultYY"
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "LegacyDefaultRR"
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0", "LegacyDefaultBPP"

[PC.DelReg]
HKLM,"System\CurrentControlSet\SERVICES\IALM\DEVICE0","PC"

[CUI.AddReg]
;Add INTEL/CUI keys
HKLM,"Software\INTEL"
HKLM,%DisplayKey%
HKLM,%CUIDeviceIndependentKey%

; Device Independent registry location
HKCR,"CLSID\{280A8F40-E382-11D2-B561-00A0C92E6848}",,,%CUIDeviceIndependentKey%

; Add Diagnostic Pages with the rest of the pages
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Display\shellex\PropertySheetHandlers\igfxcui",,,"{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
HKCR,"CLSID\{280A8F40-E382-11D2-B561-00A0C92E6848}\shellex\PropertyPageHandlers\igfxcfg\diagHandler",,,"{3AB167A5-CCFF-11D2-8B20-00A0C93CB1F4}"

; Store resource information under %CUIDeviceIndependentKey%
; as for 830M these all will come under device independent keys
; Control panel resource
HKLM,"%CUIDeviceIndependentKey%\igfxcpl\resources","468",,%11%"\igfxcfg.exe"
; static pages resource
HKLM,"%CUIDeviceIndependentKey%\igfxpph\resources","468",,%11%"\igfxcfg.exe"
; cfg resource
HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","468",,%11%"\igfxcfg.exe"
HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","829",,""
; service resource
HKLM,"%CUIDeviceIndependentKey%\igfxsrvc\resources","468",,%11%"\igfxcfg.exe"
HKLM,"%CUIDeviceIndependentKey%\igfxsrvc\TrayIcon","ShowTrayIcon",%REG_DWORD%,1
; tray resource
HKLM,"%CUIDeviceIndependentKey%\igfxtray\resources","468",,%11%"\igfxcfg.exe"
HKLM,"%CUIDeviceIndependentKey%\igfxtray\resources","467",,%11%"\igfxtray.exe"
; hotkey resource
HKLM,"%CUIDeviceIndependentKey%\hkcmd\resources","468",,%11%"\igfxcfg.exe"
;static pages resource
HKLM,"%CUIDeviceIndependentKey%\igfxpph\resources","467",,%11%"\igfxtray.exe"

;=============================================================================
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui","DLLName",%REG_SZ%,"igfxdev.dll"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui","Asynchronous",%REG_DWORD%,1
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui","Impersonate",%REG_DWORD%,1
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui","Unlock",%REG_SZ%,"WinlogonUnlockEvent"
;=============================================================================

;DELL Scan code
HKLM,"%CUIDeviceIndependentKey%\hkcmd","ScanCode",%REG_DWORD%,1

; Class ID of the CUIDriver component.
HKR,"DEFAULT","CUIDriver",,"{9CEE304E-DC6C-11D2-B561-00A0C92E6848}"

; Context menu handler entry.
HKCR, "Directory\Background\shellex\ContextMenuHandlers\igfxcui",,,"{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
;
; Registration of CUI dll's:            These will not self-register through the have-disk install.
;                                       Does not register TypeLibs or Interfaces.
;
; igfxcfg.exe self registration entries
;
HKCR,"AppID\{3D62E9A1-D243-11D2-B561-00A0C92E6848}",,,"igfxcfg"
HKCR,"AppID\igfxcfg.EXE","AppID",,"{3D62E9A1-D243-11D2-B561-00A0C92E6848}"
HKCR,"CLSID\{A354BD60-4C0A-11d3-B561-00A0C92E6848}",,,"DataObject Class"
HKCR,"CLSID\{A354BD60-4C0A-11d3-B561-00A0C92E6848}","AppID",,"{3D62E9A1-D243-11D2-B561-00A0C92E6848}"
HKCR,"CLSID\{A354BD60-4C0A-11d3-B561-00A0C92E6848}\ProgID",,,"igfxcfg.DataObject.1"
HKCR,"CLSID\{A354BD60-4C0A-11d3-B561-00A0C92E6848}\VersionIndependentProgID",,,"igfxcfg.DataObject"
HKCR,"CLSID\{A354BD60-4C0A-11d3-B561-00A0C92E6848}\LocalServer32",,,%11%"\igfxcfg.exe"
HKCR,"CLSID\{EE2D6561-D63C-11D2-B561-00A0C92E6848}",,,"ShellExt Class"
HKCR,"CLSID\{EE2D6561-D63C-11D2-B561-00A0C92E6848}","AppID",,"{3D62E9A1-D243-11D2-B561-00A0C92E6848}"
HKCR,"CLSID\{EE2D6561-D63C-11D2-B561-00A0C92E6848}\ProgID",,,"igfxcfg.ShellExt.1"
HKCR,"CLSID\{EE2D6561-D63C-11D2-B561-00A0C92E6848}\VersionIndependentProgID",,,"igfxcfg.ShellExt"
HKCR,"CLSID\{EE2D6561-D63C-11D2-B561-00A0C92E6848}\Programmable",,,
HKCR,"CLSID\{EE2D6561-D63C-11D2-B561-00A0C92E6848}\LocalServer32",,,%11%"\igfxcfg.exe"
HKCR,"igfxcfg.DataObject.1",,,"DataObject Class"
HKCR,"igfxcfg.DataObject.1\CLSID",,,"{A354BD60-4C0A-11d3-B561-00A0C92E6848}"
HKCR,"igfxcfg.DataObject",,,"DataObject Class"
HKCR,"igfxcfg.DataObject\CurVer",,,"igfxcfg.DataObject.1"
HKCR,"igfxcfg.DataObject\CLSID",,,"{A354BD60-4C0A-11d3-B561-00A0C92E6848}"
HKCR,"igfxcfg.ShellExt.1",,,"ShellExt Class"
HKCR,"igfxcfg.ShellExt.1\CLSID",,,"{EE2D6561-D63C-11D2-B561-00A0C92E6848}"
HKCR,"igfxcfg.ShellExt",,,"ShellExt Class"
HKCR,"igfxcfg.ShellExt\CurVer",,,"igfxcfg.ShellExt.1"
HKCR,"igfxcfg.ShellExt\CLSID",,,"{EE2D6561-D63C-11D2-B561-00A0C92E6848}"
;
; igfxdev.dll self registration entries
;
HKCR,"igfxdev.CUIDriver",,,"CUIDriver Class"
HKCR,"igfxdev.CUIDriver\CLSID",,,"{9CEE304E-DC6C-11D2-B561-00A0C92E6848}"
HKCR,"igfxdev.CUIDriver\CurVer",,,"igfxdev.CUIDriver.1"
HKCR,"igfxdev.CUIDriver.1",,,"CUIDriver Class"
HKCR,"igfxdev.CUIDriver.1\CLSID",,,"{9CEE304E-DC6C-11D2-B561-00A0C92E6848}"
HKCR,"CLSID\{9CEE304E-DC6C-11D2-B561-00A0C92E6848}",,,"CUIDriver Class"
HKCR,"CLSID\{9CEE304E-DC6C-11D2-B561-00A0C92E6848}\InProcServer32",,,%11%"\igfxdev.dll"
HKCR,"CLSID\{9CEE304E-DC6C-11D2-B561-00A0C92E6848}\InProcServer32","ThreadingModel",,"Apartment"
HKCR,"CLSID\{9CEE304E-DC6C-11D2-B561-00A0C92E6848}\ProgID",,,"igfxdev.CUIDriver.1"
HKCR,"CLSID\{9CEE304E-DC6C-11D2-B561-00A0C92E6848}\VersionIndependentProgID",,,"igfxdev.CUIDriver"
;
; igfxsrvc.exe self registration entries
;
HKCR,"igfxsrvc.Settings\CLSID",,,"{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}"
HKCR,"igfxsrvc.Settings\CurVer",,,"igfxsrvc.Settings.1"
HKCR,"igfxsrvc.Settings.1\CLSID",,,"{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}"
HKCR,"CLSID\{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}",,,"Settings Class"
HKCR,"CLSID\{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}\ProgID",,,"igfxsrvc.Settings.1"
HKCR,"CLSID\{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}\VersionIndependentProgID",,,"igfxsrvc.Settings"
HKCR,"Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}",,,"ISettings"

HKCR,"igfxsrvc.DisplayConfig\CLSID",,,"{C2BFE331-6739-4270-86C9-493D9A04CD38}"
HKCR,"igfxsrvc.DisplayConfig\CurVer",,,"igfxsrvc.DisplayConfig.1"
HKCR,"igfxsrvc.DispayConfig.1\CLSID",,,"{C2BFE331-6739-4270-86C9-493D9A04CD38}"
HKCR,"CLSID\{C2BFE331-6739-4270-86C9-493D9A04CD38}",,,"DisplayConfig Class"
HKCR,"CLSID\{C2BFE331-6739-4270-86C9-493D9A04CD38}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{C2BFE331-6739-4270-86C9-493D9A04CD38}\ProgID",,,"igfxsrvc.DisplayConfig.1"
HKCR,"CLSID\{C2BFE331-6739-4270-86C9-493D9A04CD38}\VersionIndependentProgID",,,"igfxsrvc.DisplayConfig"
HKCR,"Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}",,,"IDisplayConfig"

HKCR,"igfxsrvc.EDID\CLSID",,,"{40CB6EA0-AB2A-45F8-BA45-2DC7756A7B49}"
HKCR,"igfxsrvc.EDID\CurVer",,,"igfxsrvc.EDID.1"
HKCR,"igfx.EDID.1\CLSID",,,"{40CB6EA0-AB2A-45F8-BA45-2DC7756A7B49}"
HKCR,"CLSID\{40CB6EA0-AB2A-45F8-BA45-2DC7756A7B49}",,,"EDID Class"
HKCR,"CLSID\{40CB6EA0-AB2A-45F8-BA45-2DC7756A7B49}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{40CB6EA0-AB2A-45F8-BA45-2DC7756A7B49}\ProgID",,,"igfxsrvc.EDID.1"
HKCR,"CLSID\{40CB6EA0-AB2A-45F8-BA45-2DC7756A7B49}\VersionIndependentProgID",,,"igfxsrvc.EDID"
HKCR,"Interface\{B7C4F4C9-EE21-4042-9C11-BEA5E039B1F9}",,,"IEDID"

HKCR,"igfxsrvc.Color\CLSID",,,"{FE9617F6-E606-42AA-BECC-0E9CDA246D63}"
HKCR,"igfxsrvc.Color\CurVer",,,"igfxsrvc.Color.1"
HKCR,"igfx.Color.1\CLSID",,,"{FE9617F6-E606-42AA-BECC-0E9CDA246D63}"
HKCR,"CLSID\{FE9617F6-E606-42AA-BECC-0E9CDA246D63}",,,"Color Class"
HKCR,"CLSID\{FE9617F6-E606-42AA-BECC-0E9CDA246D63}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{FE9617F6-E606-42AA-BECC-0E9CDA246D63}\ProgID",,,"igfxsrvc.Color.1"
HKCR,"CLSID\{FE9617F6-E606-42AA-BECC-0E9CDA246D63}\VersionIndependentProgID",,,"igfxsrvc.Color"
HKCR,"Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}",,,"IColor"

HKCR,"igfxsrvc.CUIPower\CLSID",,,"{C332C124-340D-4430-AA0D-C75602876FCC}"
HKCR,"igfxsrvc.CUIPower\CurVer",,,"igfxsrvc.CUIPower.1"
HKCR,"igfx.CUIPower.1\CLSID",,,"{C332C124-340D-4430-AA0D-C75602876FCC}"
HKCR,"CLSID\{C332C124-340D-4430-AA0D-C75602876FCC}",,,"CUIPower Class"
HKCR,"CLSID\{C332C124-340D-4430-AA0D-C75602876FCC}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{C332C124-340D-4430-AA0D-C75602876FCC}\ProgID",,,"igfxsrvc.CUIPower.1"
HKCR,"CLSID\{C332C124-340D-4430-AA0D-C75602876FCC}\VersionIndependentProgID",,,"igfxsrvc.CUIPower"
HKCR,"Interface\{299D88F9-2CBD-4225-BF19-FCD164C54C3F}",,,"ICUIPower"

HKCR,"igfxsrvc.MCCS\CLSID",,,"{999276E0-DA71-4743-8F02-0AB0A2D65558}"
HKCR,"igfxsrvc.MCCS\CurVer",,,"igfxsrvc.MCCS.1"
HKCR,"igfx.MCCS.1\CLSID",,,"{999276E0-DA71-4743-8F02-0AB0A2D65558}"
HKCR,"CLSID\{999276E0-DA71-4743-8F02-0AB0A2D65558}",,,"MCCS Class"
HKCR,"CLSID\{999276E0-DA71-4743-8F02-0AB0A2D65558}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{999276E0-DA71-4743-8F02-0AB0A2D65558}\ProgID",,,"igfxsrvc.MCCS.1"
HKCR,"CLSID\{999276E0-DA71-4743-8F02-0AB0A2D65558}\VersionIndependentProgID",,,"igfxsrvc.MCCS"
HKCR,"Interface\{D80D344A-0CCD-4B2F-B379-56DE3EC2C4D1}",,,"IMCCS"

HKCR,"igfxsrvc.OpenGL\CLSID",,,"{DCB2D492-5F4F-4378-8FF4-DA87062D42E3}"
HKCR,"igfxsrvc.OpenGL\CurVer",,,"igfxsrvc.OpenGL.1"
HKCR,"igfx.OpenGL.1\CLSID",,,"{DCB2D492-5F4F-4378-8FF4-DA87062D42E3}"
HKCR,"CLSID\{DCB2D492-5F4F-4378-8FF4-DA87062D42E3}",,,"OpenGL Class"
HKCR,"CLSID\{DCB2D492-5F4F-4378-8FF4-DA87062D42E3}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{DCB2D492-5F4F-4378-8FF4-DA87062D42E3}\ProgID",,,"igfxsrvc.OpenGL.1"
HKCR,"CLSID\{DCB2D492-5F4F-4378-8FF4-DA87062D42E3}\VersionIndependentProgID",,,"igfxsrvc.OpenGL"
HKCR,"Interface\{965FD393-C149-45F1-863C-402C4E2E38C5}",,,"IOpenGL"

HKCR,"igfxsrvc.Overlay\CLSID",,,"{016B931D-8430-4988-8510-C69C214CFF32}"
HKCR,"igfxsrvc.Overlay\CurVer",,,"igfxsrvc.Overlay.1"
HKCR,"igfx.Overlay.1\CLSID",,,"{016B931D-8430-4988-8510-C69C214CFF32}"
HKCR,"CLSID\{016B931D-8430-4988-8510-C69C214CFF32}",,,"Overlay Class"
HKCR,"CLSID\{016B931D-8430-4988-8510-C69C214CFF32}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{016B931D-8430-4988-8510-C69C214CFF32}\ProgID",,,"igfxsrvc.Overlay.1"
HKCR,"CLSID\{016B931D-8430-4988-8510-C69C214CFF32}\VersionIndependentProgID",,,"igfxsrvc.Overlay"
HKCR,"Interface\{25824158-68E7-4A6F-A2FD-F6AD1D6845D4}",,,"IOverlay"

HKCR,"igfxsrvc.Rotation\CLSID",,,"{9B908879-E03F-4D0C-ACB3-9065B1155460}"
HKCR,"igfxsrvc.Rotation\CurVer",,,"igfxsrvc.Rotation.1"
HKCR,"igfx.Rotation.1\CLSID",,,"{9B908879-E03F-4D0C-ACB3-9065B1155460}"
HKCR,"CLSID\{9B908879-E03F-4D0C-ACB3-9065B1155460}",,,"Rotation Class"
HKCR,"CLSID\{9B908879-E03F-4D0C-ACB3-9065B1155460}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{9B908879-E03F-4D0C-ACB3-9065B1155460}\ProgID",,,"igfxsrvc.Rotation.1"
HKCR,"CLSID\{9B908879-E03F-4D0C-ACB3-9065B1155460}\VersionIndependentProgID",,,"igfxsrvc.Rotation"
HKCR,"Interface\{72DC5954-069D-43C4-9B8B-19B59269DC74}",,,"IRotation"

HKCR,"igfxsrvc.Scheme\CLSID",,,"{C071C982-2EB2-4D3A-9821-E4B31B0142C8}"
HKCR,"igfxsrvc.Scheme\CurVer",,,"igfxsrvc.Scheme.1"
HKCR,"igfx.Scheme.1\CLSID",,,"{C071C982-2EB2-4D3A-9821-E4B31B0142C8}"
HKCR,"CLSID\{C071C982-2EB2-4D3A-9821-E4B31B0142C8}",,,"Scheme Class"
HKCR,"CLSID\{C071C982-2EB2-4D3A-9821-E4B31B0142C8}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{C071C982-2EB2-4D3A-9821-E4B31B0142C8}\ProgID",,,"igfxsrvc.Scheme.1"
HKCR,"CLSID\{C071C982-2EB2-4D3A-9821-E4B31B0142C8}\VersionIndependentProgID",,,"igfxsrvc.Scheme"
HKCR,"Interface\{D5393CA5-EF8F-49E0-B180-212C903C652C}",,,"IScheme"

HKCR,"igfxsrvc.TVParam\CLSID",,,"{12E3793C-7C3C-4C00-BC4E-C79849B3F430}"
HKCR,"igfxsrvc.TVParam\CurVer",,,"igfxsrvc.TVParam.1"
HKCR,"igfx.TVParam.1\CLSID",,,"{12E3793C-7C3C-4C00-BC4E-C79849B3F430}"
HKCR,"CLSID\{12E3793C-7C3C-4C00-BC4E-C79849B3F430}",,,"TVParam Class"
HKCR,"CLSID\{12E3793C-7C3C-4C00-BC4E-C79849B3F430}\LocalServer32",,,%11%"\igfxsrvc.exe"
HKCR,"CLSID\{12E3793C-7C3C-4C00-BC4E-C79849B3F430}\ProgID",,,"igfxsrvc.TVParam.1"
HKCR,"CLSID\{12E3793C-7C3C-4C00-BC4E-C79849B3F430}\VersionIndependentProgID",,,"igfxsrvc.TVParam"
HKCR,"Interface\{DDA11344-AB20-4AEC-94C4-6AA091574CD0}",,,"ITVParam"
;
;proxy stub for igfxsrvc.exe
;
HKCR,"CLSID\{DDA11344-AB20-4AEC-94C4-6AA091574CD0}",,,"PSFactoryBuffer"
HKCR,"CLSID\{DDA11344-AB20-4AEC-94C4-6AA091574CD0}\InProcServer32",,,%11%"\igfxsrvc.dll"
HKCR,"CLSID\{DDA11344-AB20-4AEC-94C4-6AA091574CD0}\InProcServer32","ThreadingModel",,"Both"

HKCR,"Interface\{DDA11344-AB20-4AEC-94C4-6AA091574CD0}",,,"ITVParam"
HKCR,"Interface\{DDA11344-AB20-4AEC-94C4-6AA091574CD0}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{DDA11344-AB20-4AEC-94C4-6AA091574CD0}\NumMethods",,,"9"

HKCR,"Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}",,,"ISettings"
HKCR,"Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\NumMethods",,,"13"

HKCR,"Interface\{D5393CA5-EF8F-49E0-B180-212C903C652C}",,,"IScheme"
HKCR,"Interface\{D5393CA5-EF8F-49E0-B180-212C903C652C}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{D5393CA5-EF8F-49E0-B180-212C903C652C}\NumMethods",,,"7"

HKCR,"Interface\{72DC5954-069D-43C4-9B8B-19B59269DC74}",,,"IRotation"
HKCR,"Interface\{72DC5954-069D-43C4-9B8B-19B59269DC74}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{72DC5954-069D-43C4-9B8B-19B59269DC74}\NumMethods",,,"9"

HKCR,"Interface\{25824158-68E7-4A6F-A2FD-F6AD1D6845D4}",,,"IOverlay"
HKCR,"Interface\{25824158-68E7-4A6F-A2FD-F6AD1D6845D4}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{25824158-68E7-4A6F-A2FD-F6AD1D6845D4}\NumMethods",,,"13"

HKCR,"Interface\{965FD393-C149-45F1-863C-402C4E2E38C5}",,,"IOpenGL"
HKCR,"Interface\{965FD393-C149-45F1-863C-402C4E2E38C5}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{965FD393-C149-45F1-863C-402C4E2E38C5}\NumMethods",,,"7"

HKCR,"Interface\{D80D344A-0CCD-4B2F-B379-56DE3EC2C4D1}",,,"IMCCS"
HKCR,"Interface\{D80D344A-0CCD-4B2F-B379-56DE3EC2C4D1}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{D80D344A-0CCD-4B2F-B379-56DE3EC2C4D1}\NumMethods",,,"9"

HKCR,"Interface\{B7C4F4C9-EE21-4042-9C11-BEA5E039B1F9}",,,"IEDID"
HKCR,"Interface\{B7C4F4C9-EE21-4042-9C11-BEA5E039B1F9}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{B7C4F4C9-EE21-4042-9C11-BEA5E039B1F9}\NumMethods",,,"12"

HKCR,"Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}",,,"IDisplayConfig"
HKCR,"Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\NumMethods",,,"15"

HKCR,"Interface\{299D88F9-2CBD-4225-BF19-FCD164C54C3F}",,,"ICUIPower"
HKCR,"Interface\{299D88F9-2CBD-4225-BF19-FCD164C54C3F}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{299D88F9-2CBD-4225-BF19-FCD164C54C3F}\NumMethods",,,"7"

HKCR,"Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}",,,"IColor"
HKCR,"Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\ProxyStubClsid32",,,"{DDA11344-AB20-4AEC-94C4-6AA091574CD0}"
HKCR,"Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\NumMethods",,,"14"
;
; igfxpph.dll self registration entries
;
HKCR,"igfxpph.GraphicsShellExt",,,"GraphicsShellExt Class"
HKCR,"igfxpph.GraphicsShellExt\CLSID",,,"{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
HKCR,"igfxpph.GraphicsShellExt\CurVer",,,"igfxpph.GraphicsShellExt.1"
HKCR,"igfxpph.GraphicsShellExt.1",,,"GraphicsShellExt Class"
HKCR,"igfxpph.GraphicsShellExt.1\CLSID",,,"{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
HKCR,"CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}",,,"GraphicsShellExt Class"
HKCR,"CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\InProcServer32",,,%11%"\igfxpph.dll"
HKCR,"CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\InProcServer32","ThreadingModel",,"Apartment"
HKCR,"CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\ProgID",,,"igfxpph.GraphicsShellExt.1"
HKCR,"CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\VersionIndependentProgID",,,"igfxpph.GraphicsShellExt"
HKCR,"CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\Programmable",,,

; Igfxdo.dll self registration entries
;
HKCR,"Igfxdo.DataObject",,,"DataObject Class"
HKCR,"Igfxdo.DataObject\CLSID",,,"{D4FA3D4E-BE69-11D4-AA30-00902704C6BF}"
HKCR,"Igfxdo.DataObject\CurVer",,,"Igfxdo.DataObject.1"
HKCR,"Igfxdo.DataObject.1",,,"DataObject Class"
HKCR,"Igfxdo.DataObject.1\CLSID",,,"{D4FA3D4E-BE69-11D4-AA30-00902704C6BF}"
HKCR,"CLSID\{D4FA3D4E-BE69-11D4-AA30-00902704C6BF}",,,"DataObject Class"
HKCR,"CLSID\{D4FA3D4E-BE69-11D4-AA30-00902704C6BF}\InProcServer32",,,%11%"\igfxdo.dll"
HKCR,"CLSID\{D4FA3D4E-BE69-11D4-AA30-00902704C6BF}\InProcServer32","ThreadingModel",,"Apartment"
HKCR,"CLSID\{D4FA3D4E-BE69-11D4-AA30-00902704C6BF}\ProgID",,,"Igfxdo.DataObject.1"
HKCR,"CLSID\{D4FA3D4E-BE69-11D4-AA30-00902704C6BF}\VersionIndependentProgID",,,"Igfxdo.DataObject"
HKCR,"CLSID\{D4FA3D4E-BE69-11D4-AA30-00902704C6BF}\Programmable",,,

HKCR,"Igfxdo.DataObjectInit",,,"DataObjectInit Class"
HKCR,"Igfxdo.DataObjectInit\CLSID",,,"{4501A903-BF07-11D4-AA30-00902704C6BF}"
HKCR,"Igfxdo.DataObjectInit\CurVer",,,"Igfxdo.DataObjectInit.1"
HKCR,"Igfxdo.DataObjectInit.1",,,"DataObjectInit Class"
HKCR,"Igfxdo.DataObjectInit.1\CLSID",,,"{4501A903-BF07-11D4-AA30-00902704C6BF}"
HKCR,"CLSID\{4501A903-BF07-11D4-AA30-00902704C6BF}",,,"DataObjectInit Class"
HKCR,"CLSID\{4501A903-BF07-11D4-AA30-00902704C6BF}\InProcServer32",,,%11%"\igfxdo.dll"
HKCR,"CLSID\{4501A903-BF07-11D4-AA30-00902704C6BF}\InProcServer32","ThreadingModel",,"Apartment"
HKCR,"CLSID\{4501A903-BF07-11D4-AA30-00902704C6BF}\ProgID",,,"Igfxdo.DataObjectInit.1"
HKCR,"CLSID\{4501A903-BF07-11D4-AA30-00902704C6BF}\VersionIndependentProgID",,,"Igfxdo.DataObjectInit"
HKCR,"CLSID\{4501A903-BF07-11D4-AA30-00902704C6BF}\Programmable",,,
;
; igfx executables on startup
;
HKLM,Software\Microsoft\Windows\CurrentVersion\Run,igfxtray,,%11%"\igfxtray.exe"
HKLM,Software\Microsoft\Windows\CurrentVersion\Run,igfxhkcmd,,%11%"\hkcmd.exe"
HKLM,Software\Microsoft\Windows\CurrentVersion\Run,igfxpers,,%11%"\igfxpers.exe"
;
;
; Entries for receiving winlogon unlock event
;
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui","DLLName",%REG_SZ%,"igfxdev.dll"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui","Asynchronous",%REG_DWORD%,1
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui","Impersonate",%REG_DWORD%,1
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui","Unlock",%REG_SZ%,"WinlogonUnlockEvent"

; Remove CUI Zoom page option
;HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources\2610","469",,"exclude"

; Remove CUI Zoom Menu option
;HKLM,"%CUIDeviceIndependentKey%\igfxpph\resources","2621",,"None"

; To hide the entry of Enable/Disable Zoom in the hotkeys page
;HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","2611",,""

; Disable Hot Key action
;HKLM,"%CUIDeviceIndependentKey%\igfxsrvc\resources","2658",,"Disable"

    ;Dell customization
    ;Hide Graphic Option from right click menu
    ;HKLM,"%CUIDeviceIndependentKey%\igfxpph\resources","3058",,"None"
    ;remove tray icon
    HKLM,"%CUIDeviceIndependentKey%\igfxtray\TrayIcon","ShowTrayIcon",%REG_DWORD%,0
    ;disable hotkey by default
    ;HKLM,"software\Intel\Display\igfxcui\HotKeys","Enable",0
    ;Remove Hot keys enable/disable from right click menu
    HKLM,"%CUIDeviceIndependentKey%\igfxpph\resources","3077",
    ;Remove Tray Icon enable/disable from right click menu  
    HKLM,"%CUIDeviceIndependentKey%\igfxpph\resources","3078",
    ;Remove schemes from CUI
    HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","4519",
    ;Remove zoom utility from CUI  
    HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","4515",
    ;Remove support tab from CUI->Information pop-up window  
    HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","2951",
    ;Remove Center Desktop from CUI Display Settings
    ;HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","555",
    ;Remove overlay settings from CUI
    HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","4517",
    ;Remove 3D settings from CUI  
    HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","4518",
    ;Remove Color Settings from CUI   
    HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","4505",
    ;Remove hot key page from CUI
    ;HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","4504",
    ;Hide "advance setting button"
    ;HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","2909",  
 
    ;Remove Panel fit
    HKLM,"%CUIDeviceIndependentKey%\igfxpph\resources","3076",,"None"
       
    ;Disable Dynamic Hotkeys
    HKLM,"software\Intel\Display\igfxcui\igfxcfg\resources","7038",,
    HKLM,"software\Intel\Display\igfxcui\igfxcfg\resources","4714",,
 
    ;Disable ALS slider
    HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","4662",
 
    ;Hide scaling options
    ;HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","555",

    ;Hide DFGT option
    HKLM,"%CUIDeviceIndependentKey%\igfxcfg\resources","4660",%REG_SZ%,""  
 
[Uninstall945GM0_AddReg]
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","UninstallString",,"RUNDLL32.EXE %11%\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","DisplayName",,"Intel® Graphics Media Accelerator Driver"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","ModifyPath",,"FALSE"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","NoModify",%REG_DWORD%,0x1
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","DisplayVersion",,"6.14.10.4446"

[Uninstall945GM1_AddReg]
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","UninstallString",,"RUNDLL32.EXE %11%\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","DisplayName",,"Intel® Graphics Media Accelerator Driver"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","ModifyPath",,"FALSE"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","NoModify",%REG_DWORD%,0x1
HKLM,"Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}","DisplayVersion",,"6.14.10.4446"

;
; Begin of CUISDK Sections
;

[CUISDK.Copy]
igfxext.exe    ; CUI SDK
igfxexps.dll  ; CUI SDK proxy stub

[CUISDK.DelFiles]

[CUISDK.AddReg]
;
; igfxext.exe self registration entries
;
HKCR,"IgfxExt.CUIExternal\CLSID",,,"{7160A13D-73DA-4CEA-95B9-37356478588A}"
HKCR,"IgfxExt.CUIExternal\CurVer",,,"IgfxExt.CUIExternal.1"
HKCR,"IgfxExt.CUIExternal.1\CLSID",,,"{7160A13D-73DA-4CEA-95B9-37356478588A}"
HKCR,"CLSID\{7160A13D-73DA-4CEA-95B9-37356478588A}",,,"CUIExternal Class"
HKCR,"CLSID\{7160A13D-73DA-4CEA-95B9-37356478588A}\LocalServer32",,,%11%"\igfxext.exe"
HKCR,"CLSID\{7160A13D-73DA-4CEA-95B9-37356478588A}\ProgID",,,"IgfxExt.CUIExternal.1"
HKCR,"CLSID\{7160A13D-73DA-4CEA-95B9-37356478588A}\VersionIndependentProgID",,,"IgfxExt.CUIExternal"
;

;
;proxy stub for igfxext.exe (igfxexps.dll)
;
HKCR,"CLSID\{27E7234F-429F-4787-AC8F-8AADDED01355}",,,"PSFactoryBuffer"
HKCR,"CLSID\{27E7234F-429F-4787-AC8F-8AADDED01355}\InProcServer32",,,%11%"\IGFXEXPS.DLL"
HKCR,"CLSID\{27E7234F-429F-4787-AC8F-8AADDED01355}\InProcServer32","ThreadingModel",,"Both"

HKCR,"Interface\{F4C4B98D-F59E-4a0c-AEE9-801E0CDB671E}",,,"ICUIExtClientNotify"
HKCR,"Interface\{F4C4B98D-F59E-4a0c-AEE9-801E0CDB671E}\ProxyStubClsid32",,,"{27E7234F-429F-4787-AC8F-8AADDED01355}"
HKCR,"Interface\{F4C4B98D-F59E-4a0c-AEE9-801E0CDB671E}\NumMethods",,,"1"

HKCR,"Interface\{27E7234F-429F-4787-AC8F-8AADDED01355}",,,"ICUIExternal2"
HKCR,"Interface\{27E7234F-429F-4787-AC8F-8AADDED01355}\ProxyStubClsid32",,,"{27E7234F-429F-4787-AC8F-8AADDED01355}"
HKCR,"Interface\{27E7234F-429F-4787-AC8F-8AADDED01355}\NumMethods",,,"8"

HKCR,"Interface\{70F8C65F-06AA-443b-9E6B-7C73808F07E5}",,,"ICUIExternal3"
HKCR,"Interface\{70F8C65F-06AA-443b-9E6B-7C73808F07E5}\ProxyStubClsid32",,,"{27E7234F-429F-4787-AC8F-8AADDED01355}"
HKCR,"Interface\{70F8C65F-06AA-443b-9E6B-7C73808F07E5}\NumMethods",,,"2"

HKCR,"Interface\{3473E05A-3317-4df5-9098-E5387C94D1B0}",,,"ICUIExternalDual"
HKCR,"Interface\{3473E05A-3317-4df5-9098-E5387C94D1B0}\ProxyStubClsid32",,,"{27E7234F-429F-4787-AC8F-8AADDED01355}"
HKCR,"Interface\{3473E05A-3317-4df5-9098-E5387C94D1B0}\NumMethods",,,"0"

HKCR,"Interface\{5DC5B31E-0C28-4679-B8D8-32CF2F9BACED}",,,"ICUIExternal4"
HKCR,"Interface\{5DC5B31E-0C28-4679-B8D8-32CF2F9BACED}\ProxyStubClsid32",,,"{27E7234F-429F-4787-AC8F-8AADDED01355}"
HKCR,"Interface\{5DC5B31E-0C28-4679-B8D8-32CF2F9BACED}\NumMethods",,,"7"

HKCR,"Interface\{A05C525D-B4CB-4108-BFF7-1ACF1A14F00A}",,,"ICUIExternal5"
HKCR,"Interface\{A05C525D-B4CB-4108-BFF7-1ACF1A14F00A}\ProxyStubClsid32",,,"{27E7234F-429F-4787-AC8F-8AADDED01355}"
HKCR,"Interface\{A05C525D-B4CB-4108-BFF7-1ACF1A14F00A}\NumMethods",,,"5"

HKCR,"Interface\{AFB6489F-4515-44AA-8DF7-ED28EA46283C}",,,"ICUIExternal6"
HKCR,"Interface\{AFB6489F-4515-44AA-8DF7-ED28EA46283C}\ProxyStubClsid32",,,"{27E7234F-429F-4787-AC8F-8AADDED01355}"
HKCR,"Interface\{AFB6489F-4515-44AA-8DF7-ED28EA46283C}\NumMethods",,,"12"

[CUISDK.DelReg]
HKR,Igfxext

;
; End of CUISDK Sections
;
[Strings]
;
; Customizable Strings
;
CUIDeviceIndependentKey="Software\Intel\Display\igfxcui"
DisplayKey="Software\Intel\Display"
CUIDriverOldShareKey="Software\Intel\CUI"

;
; Non-Localizable Strings
;

REG_SZ         = 0x00000000
REG_MULTI_SZ   = 0x00010000
REG_DWORD      = 0x00010001
SERVICEROOT    = "System\CurrentControlSet\Services"

;
; Localizable Strings
;

DiskId        = "Intel® Graphics Media Accelerator Driver"
Intel           = "Intel Corporation"
iCLGD0     = "Mobile Intel® 945GM Express Chipset Family"
iCLGD1     = "Mobile Intel® 945GM Express Chipset Family"

I haven't been able to delete the key. Every time I try I get "Cannot delete {    }: Error while deleting key"

 

Any suggestions?



#123
RKinner


Did we do this already?

 

Windows Repair all in one

http://www.tweaking....all_in_one.html

Download it and save it then run it.

You can skip to step 4 or 5 where it gives you the same picture as in the above link.

Make sure all of these are checked before hitting Start:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Remove Temp Files
Unhide Non System Files

Reboot when done

 

If you still can't remove the registry entry then try in Safe Mode.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode.  Login with Administrator instead of your usual login.  (No password just hit Enter))

 

If you are able to remove the entry also go into Device Manager and Uninstall the 2nd display adapter.
 



#124
PhilipW97


Good afternoon Ron,

 

I have a problem at the moment, I can't get the old laptop to start properly. I can see the Dell and Win XP splash screens but then the screen blanks and although the HDD light runs indicating some activity nothing happens. I have got it to open in safe mode and used regedit to see if anything had happened to the Key that you asked me to remove, it's still there.

 

I tried the last known good option but that just produced the same symptom so I am now trying the System Reset back to the 9th. It has just finished after a long time, I guess about 20 min. It seems to have worked and has gone back to the installation of XP Wdf01009, which I don't recognise.

 

I shall now try the things you have asked for. I don't recognise the program, so no we haven't done it before.

 

I got to Step 5, which asked me to back up the registry and make a system restore point. The Sys rest was OK, but the reg back up failed and as the program cautions against running it without a back up I thought I should check with you before running it. I tried to get at the error log but I can't see any way to copy it. So I shall wait to hear from you before proceeding.



#125
RKinner


Not sure why the reg backup failed but it should be OK to run anyway if you have a good restore point.

 

Don't try to delete the key after AllInOne.  Just make a new FRST scan with Addition.txt checked so we know where we are.

 

Is it still slow booting?



#126
PhilipW97


OK I ran the Allinone and then FRST, here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by Philip (administrator) on ENILLION (11-04-2018 21:26:36)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
() C:\WINDOWS\system32\UAService7.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2009-11-03] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-13] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
SecurityProviders: digest.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 13 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078 [2018-04-11]
FF Extension: (Avast SafePrice) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\Extensions\[email protected] [2018-04-09]
FF Extension: (Avast Online Security) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\Extensions\[email protected] [2018-03-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [180984 2018-04-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-04-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-04-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783600 2018-04-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-04-09] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205352 2018-04-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-04-09] (AVAST Software)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
S4 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2018-04-11] (Malwarebytes)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S4 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S4 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S4 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S4 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S4 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S4 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S4 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S4 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S4 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S4 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S4 UIUSys; no ImagePath
S4 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-11 21:26 - 2018-04-11 21:27 - 000018551 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-04-11 20:36 - 2018-04-11 20:36 - 000000000 __HDC C:\Program Files\WindowsUpdate
2018-04-11 20:05 - 2018-04-11 20:05 - 000000000 ____D C:\RegBackup
2018-04-11 16:10 - 2018-04-11 20:52 - 000000550 ____C C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-04-11 16:10 - 2018-04-11 16:10 - 000001812 _____ C:\Documents and Settings\Philip\Desktop\Tweaking.com - Windows Repair.lnk
2018-04-11 16:09 - 2018-04-11 16:09 - 000000000 ___DC C:\Program Files\Tweaking.com
2018-04-11 16:09 - 2018-04-11 16:09 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2018-04-11 16:08 - 2018-04-09 15:58 - 000320728 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-11 16:07 - 2018-04-11 20:03 - 000188727 ____C C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-04-11 16:06 - 2018-04-11 15:13 - 038504856 _____ (Tweaking.com) C:\Documents and Settings\Philip\Desktop\tweaking.com_windows_repair_aio_setup.exe
2018-04-11 15:53 - 2018-04-11 15:53 - 000000000 ____D C:\a0a38d90b200f7819d
2018-04-11 15:16 - 2018-04-11 15:45 - 000271586 ____C C:\WINDOWS\ntbtlog.txt
2018-04-10 16:17 - 2018-04-10 16:17 - 000010140 _____ C:\Documents and Settings\Philip\Desktop\video.reg
2018-04-09 14:12 - 2018-04-09 22:03 - 000005505 _____ C:\Documents and Settings\Philip\Desktop\SearchReg.txt
2018-04-09 14:04 - 2018-04-09 14:05 - 001764352 _____ (Farbar) C:\Documents and Settings\Philip\Desktop\FRST.exe
2018-04-09 07:47 - 2005-12-13 17:40 - 000135168 ____C (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2018-04-04 12:53 - 2018-04-04 12:53 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\CrystalIdea Software
2018-04-03 20:50 - 2018-04-07 22:32 - 000262144 _____ C:\WINDOWS\system32\default_user_class.dat
2018-04-03 19:57 - 2018-04-03 19:57 - 000000000 ___DC C:\Program Files\UPHClean
2018-04-03 00:08 - 2018-04-05 21:33 - 000000356 _____ C:\VEW.txt
2018-04-02 22:38 - 2018-04-02 22:38 - 000061440 _____ ( ) C:\Documents and Settings\Philip\Desktop\VEW(1).exe
2018-03-30 22:01 - 2018-04-11 21:27 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\temp
2018-03-30 22:01 - 2018-04-11 13:49 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000012303 _____ C:\ComboFix.txt
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2018-03-30 14:54 - 2018-03-30 21:20 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-03-13 11:29 - 2011-06-26 08:45 - 000256000 ____C C:\WINDOWS\PEV.exe
2018-03-13 11:29 - 2010-11-07 19:20 - 000208896 ____C C:\WINDOWS\MBR.exe
2018-03-13 11:29 - 2009-04-20 06:56 - 000060416 ____C (NirSoft) C:\WINDOWS\NIRCMD.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000518144 ____C (SteelWerX) C:\WINDOWS\SWREG.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000406528 ____C (SteelWerX) C:\WINDOWS\SWSC.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000212480 ____C (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000098816 ____C C:\WINDOWS\sed.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000080412 ____C C:\WINDOWS\grep.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000068096 ____C C:\WINDOWS\zip.exe
2018-03-13 11:28 - 2018-03-30 22:01 - 000000000 ____D C:\Qoobox
2018-03-13 11:22 - 2018-03-30 15:07 - 005659794 ____R (Swearware) C:\Documents and Settings\Philip\Desktop\ComboFix.exe
2018-03-13 11:05 - 2018-03-13 11:05 - 001543360 _____ (COMODO) C:\Documents and Settings\Philip\Desktop\ciscleanuptool_x86.exe
2018-03-12 22:22 - 2018-03-12 22:22 - 003480040 _____ (McAfee, Inc.) C:\Documents and Settings\Philip\Desktop\MCPR.exe
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\NetworkService\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Default User\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Intel
2018-03-12 12:14 - 2018-03-12 12:14 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Intel
2018-03-12 12:13 - 2018-03-12 12:23 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
2018-03-12 12:13 - 2010-10-07 05:11 - 006609920 ____C (Intel Corporation) C:\WINDOWS\system32\Drivers\NETwLx32.sys
2018-03-12 12:13 - 2010-02-24 17:39 - 000675840 ____C (Intel Corporation) C:\WINDOWS\system32\NETwLc32.dll
2018-03-12 12:13 - 2010-02-24 17:37 - 002756608 ____C (Intel Corporation) C:\WINDOWS\system32\NETwLr32.dll
2018-03-12 12:12 - 2018-03-12 12:12 - 000000000 ___DC C:\Program Files\Common Files\Intel
2018-03-12 08:41 - 2007-05-10 11:22 - 000405504 ____C (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
2018-03-12 08:40 - 2007-08-21 10:58 - 000146944 ____C (IDT, Inc.) C:\WINDOWS\system32\st325602.dll
2018-03-12 08:39 - 2018-03-12 08:39 - 000000000 ___DC C:\Program Files\Sigmatel
2018-03-12 08:39 - 2007-05-10 11:23 - 004952064 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stacgui.cpl
2018-03-12 08:39 - 2007-04-10 18:02 - 001601536 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\stlang.dll
2018-03-12 07:58 - 2018-04-11 20:55 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-03-12 07:37 - 2018-04-11 20:45 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2018-03-12 07:37 - 2018-04-11 20:45 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-11 21:26 - 2018-02-05 00:00 - 000000000 ____D C:\FRST
2018-04-11 21:13 - 2004-08-11 18:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-04-11 20:57 - 2004-08-11 18:07 - 000539720 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-11 20:52 - 2018-03-07 13:47 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-04-11 20:51 - 2018-03-10 21:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-11 20:51 - 2017-11-27 16:04 - 000221112 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-04-11 20:51 - 2004-08-11 18:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-04-11 20:51 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-04-11 20:50 - 2006-07-22 00:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-04-11 20:05 - 2004-08-11 18:00 - 000000195 __RSH C:\boot.ini
2018-04-11 19:46 - 2013-01-27 18:01 - 000032540 ____C C:\WINDOWS\SchedLgU.Txt
2018-04-11 19:45 - 2006-07-22 00:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-04-11 16:12 - 2018-03-07 13:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-04-11 16:03 - 2004-08-11 18:02 - 000000000 __HDC C:\WINDOWS\inf
2018-04-11 15:58 - 2006-07-22 22:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-04-11 15:56 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\NetworkService
2018-04-11 15:56 - 2004-08-11 18:20 - 000000000 ____D C:\Documents and Settings\Administrator
2018-04-11 15:54 - 2004-08-11 18:11 - 000000000 ___DC C:\WINDOWS\Registration
2018-04-09 15:58 - 2018-03-07 13:46 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000205352 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-09 15:57 - 2018-03-07 13:46 - 000783600 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-09 15:57 - 2018-03-07 13:46 - 000180984 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-09 07:48 - 2006-06-29 15:05 - 000000000 ___DC C:\WINDOWS\system32\ReinstallBackups
2018-04-04 12:52 - 2018-01-08 21:09 - 001682344 _____ (SpeedyFox) C:\Documents and Settings\Philip\Desktop\speedyfox.exe
2018-03-30 21:57 - 2004-08-11 18:00 - 000000227 _____ C:\WINDOWS\system.ini
2018-03-30 21:20 - 2013-02-09 17:50 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-03-30 20:34 - 2004-08-11 18:00 - 000000027 ____C C:\WINDOWS\system32\Drivers\etc\hosts_bak_257
2018-03-30 15:37 - 2009-02-03 11:46 - 000000000 ___DC C:\WINDOWS\ERDNT
2018-03-13 10:51 - 2007-04-29 19:06 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\McAfee
2018-03-12 12:12 - 2006-06-29 15:23 - 000000000 ___DC C:\Program Files\Intel
2018-03-12 09:10 - 2008-10-24 21:36 - 000000000 ___DC C:\Program Files\Microsoft SQL Server
2018-03-12 08:41 - 2004-08-11 18:02 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2018-03-12 08:35 - 2006-06-29 15:21 - 000000000 ___DC C:\Program Files\Dell
2018-03-12 08:31 - 2018-02-05 18:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2018-03-12 07:37 - 2017-01-08 21:31 - 000000792 ____C C:\Documents and Settings\Philip\Start Menu\Programs\Windows Media Player.lnk
2018-03-12 07:37 - 2008-10-24 17:23 - 000000000 ___DC C:\Program Files\Windows Desktop Search
2018-03-12 07:37 - 2004-08-11 18:00 - 000000765 ____C C:\WINDOWS\win.ini

==================== Files in the root of some directories =======

2006-07-22 05:46 - 2000-03-14 01:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 20:20 - 2008-10-27 20:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 17:42 - 2009-01-28 21:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 17:18 - 2015-02-22 16:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 19:38 - 2010-03-30 19:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 21:30 - 2006-07-24 21:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 10:18 - 2007-11-29 10:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 18:19 - 2017-01-02 22:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 21:16 - 2012-08-28 21:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 17:52 - 2009-04-20 18:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 15:21 - 2006-06-29 15:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Philip (11-04-2018 21:28:49)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - Genesis Mobile)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4446 - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.7.3 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.7.3 ESR (x86 en-GB)) (Version: 52.7.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.3.6655 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version:  - )
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 4.0.16 - Tweaking.com)
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem  (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system  (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc  (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA  (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394  (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-12-13] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-04-09 15:58 - 2018-04-09 15:58 - 000349912 ____C () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000295640 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000282840 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000763608 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000888536 ____C () C:\Program Files\avast software\avast\anen.dll
2018-04-09 15:57 - 2018-04-09 15:57 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000969944 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000501464 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2018-04-11 21:00 - 2018-04-11 21:00 - 005815952 ____C () C:\Program Files\AVAST Software\Avast\defs\18041106\algo.dll
2017-11-27 16:03 - 2018-01-14 21:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-12-15 17:17 - 2008-12-15 17:17 - 000126976 _____ () C:\WINDOWS\system32\UAService7.exe
2018-03-07 13:45 - 2018-03-07 13:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2018-04-09 15:57 - 2018-04-09 15:57 - 000624856 ____C () c:\Program Files\avast software\avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 5486 more sites.


There are 4143 more sites.


There are 4143 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 18:00 - 2018-04-11 20:45 - 000000855 ____C C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

==================== Restore Points =========================

11-04-2018 14:31:34 System Checkpoint
11-04-2018 14:32:01 Software Distribution Service 3.0
11-04-2018 15:46:21 Restore Operation
11-04-2018 16:03:43 Installed Windows XP Wdf01009.
11-04-2018 16:14:48 Tweaking.com - Windows Repair 2018

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {9B21FD3A-B1AB-4EB9-956F-E56ACFE78BCE}
Manufacturer: Toshiba
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2018 08:47:50 PM) (Source: COM+) (EventID: 4689) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (04/11/2018 08:47:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (04/11/2018 08:47:43 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (04/11/2018 08:47:42 PM) (Source: VSS) (EventID: 4101) (User: )
Description: Volume Shadow Copy Service error: Cannot obtain the collection 'Applications' from the COM+ catalog [0x8007043c].

Error: (04/11/2018 08:47:24 PM) (Source: COM+) (EventID: 4689) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (04/11/2018 08:47:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (04/11/2018 08:47:16 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (04/11/2018 08:47:16 PM) (Source: VSS) (EventID: 4101) (User: )
Description: Volume Shadow Copy Service error: Cannot obtain the collection 'Applications' from the COM+ catalog [0x8007043c].


System errors:
=============
Error: (04/11/2018 08:51:43 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/11/2018 08:50:08 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/11/2018 08:49:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Tweaking Run As System 0033 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/11/2018 08:49:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Tweaking Run As System 0033 service to connect.

Error: (04/11/2018 08:49:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Tweaking Run As System 0032 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/11/2018 08:49:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Tweaking Run As System 0032 service to connect.

Error: (04/11/2018 08:48:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Tweaking Run As System 0031 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/11/2018 08:48:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Tweaking Run As System 0031 service to connect.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 58%
Total physical RAM: 1014.37 MB
Available physical RAM: 423.55 MB
Total Virtual: 2440.99 MB
Available Virtual: 1689.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:26.94 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================

 

Over to you Ron


#127
PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

I just did a reboot, starting from all windows closed and it was 3min 9sec, so not too slow. :-)


#128
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Uninstall Tweaking.com (Windows Repair All in One)

 

Start, All Programs, Accessories, Command Prompt

 

Type:

vssadmin  delete  shadows  /all

and hit Enter.

 

Now type:

vssadmin list writers

and hit Enter

 

Do you get any errors?

 

    eral Functionality Event ID 4609


You can verify that your component is working properly by running the Component Services administrative tool and ensuring that the required properties for the component are set.

To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To open Component Services and verify that the component's required properties are set:

    1. Click Start, and then click Run.
    2. Type comexp.msc, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3. To locate your application, click Component Services, click Computers, click My Computer, and then click COM+ Applications. (Sometimes you will get one or more popups asking if you want it to fix something.  Tell it Yes or OK)
    4. Right-click the component name, and then click Properties.
    5. In the component properties dialog box, click each tab to verify that the required properties are set.

In addition, you can verify that the COM+ operating system component is installed and working properly.

To verify that COM+ is working properly:

    1. In the console tree of Component Services, click Services (Local).
    2. Scroll through the list of service names to find the following services: COM+ Event System, COM+ System Application, DCOM Server Process Launcher, and Remote Procedure Call (RPC).
    3. Confirm that the status of each service is Started.

 

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated; please post that.


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Time a reboot now.

 

 

 


#129
PhilipW97

    Member

  • Topic Starter
  • Member
  • 147 posts

OK, Tweaking has gone, and yes, I got an error from vss: 0x8000ffff

 

I tried the Run comexp.msc, but got "Run can't find comexp.msc". So I did a search and found 2 copies of comexp.msc, one in C:\i386 and the other in C:\Windows\system32\Com

 

So I started to follow your instructions and realised that I didn't understand what component it was that I had to check...! So I stopped on that thread and went to your other check on COM+. I confirmed that all of your listed bits were started; however, there are 2 RPCs. The first one (RPC) is automatic and started; the second, (RPC) Locator, is manual and is not started.

 

Just lost the 3 logs so here we go again:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Philip (12-04-2018 19:54:13) Run:3
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 13 %windir%\system32\vsocklib.dll => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S4 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S4 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S4 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S4 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S4 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S4 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S4 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S4 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S4 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S4 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S4 UIUSys; no ImagePath
S4 wanatw; no ImagePath
CMD: cmd: netsh winsock reset
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
EmptyTemp:

*****************

"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013" => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31D37273-C478-446F-B06A-59B0A6C73E72}" => removed successfully.
HKLM\Software\Classes\CLSID\{31D37273-C478-446F-B06A-59B0A6C73E72} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => removed successfully.
"HKLM\Software\Classes\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}" => removed successfully.
HKLM\Software\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => removed successfully.
HKLM\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" => removed successfully.
HKLM\Software\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94E5218F-9737-4FC2-8457-567B1FF23DC0}" => removed successfully.
"HKLM\Software\Classes\CLSID\{94E5218F-9737-4FC2-8457-567B1FF23DC0}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A553720A-BFED-4EA4-A71F-7EFCA690A1F7}" => removed successfully.
"HKLM\Software\Classes\CLSID\{A553720A-BFED-4EA4-A71F-7EFCA690A1F7}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}" => removed successfully.
HKLM\Software\Classes\CLSID\{B479199A-1242-4E3C-AD81-7F0DF801B4AE} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}" => removed successfully.
HKLM\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => removed successfully.
HKLM\Software\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}" => removed successfully.
HKLM\Software\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" => removed successfully.
HKLM\Software\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => not found
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}" => removed successfully.
"HKLM\Software\Classes\CLSID\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}" => removed successfully.
C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} => moved successfully
C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} => path removed successfully.
"HKLM\System\CurrentControlSet\Services\hpqcxs08" => removed successfully.
hpqcxs08 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hpqddsvc" => removed successfully.
hpqddsvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\HPSLPSVC" => removed successfully.
HPSLPSVC => service removed successfully.
"HKLM\System\CurrentControlSet\Services\toshidpt" => removed successfully.
toshidpt => service removed successfully.
"HKLM\System\CurrentControlSet\Services\tosporte" => removed successfully.
tosporte => service removed successfully.
"HKLM\System\CurrentControlSet\Services\Tosrfbd" => removed successfully.
Tosrfbd => service removed successfully.
"HKLM\System\CurrentControlSet\Services\Tosrfbnp" => removed successfully.
Tosrfbnp => service removed successfully.
"HKLM\System\CurrentControlSet\Services\Tosrfcom" => removed successfully.
Tosrfcom => service removed successfully.
"HKLM\System\CurrentControlSet\Services\Tosrfhid" => removed successfully.
Tosrfhid => service removed successfully.
"HKLM\System\CurrentControlSet\Services\tosrfnds" => removed successfully.
tosrfnds => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TosRfSnd" => removed successfully.
TosRfSnd => service removed successfully.
"HKLM\System\CurrentControlSet\Services\Tosrfusb" => removed successfully.
Tosrfusb => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz135" => removed successfully.
cpuz135 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz136" => removed successfully.
cpuz136 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\UIUSys" => removed successfully.
UIUSys => service removed successfully.
"HKLM\System\CurrentControlSet\Services\wanatw" => removed successfully.
wanatw => service removed successfully.

========= cmd: netsh winsock reset =========

'cmd:' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9319 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 56514 B
Java, Flash, Steam htmlcache => 1451096 B
Windows/system/dllcache/drivers => 325053 B
Edge => 0 B
Chrome => 0 B
Firefox => 106050159 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 33208 B
All Users => 0 B
systemprofile => 98680 B
LocalService => 361226 B
NetworkService => 329854 B
Philip => 686779 B
Biggles => 0 B
Administrator => 82360 B

RecycleBin => 0 B
EmptyTemp: => 104.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:56:16 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by Philip (administrator) on ENILLION (12-04-2018 20:29:05)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
() C:\WINDOWS\system32\UAService7.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2009-11-03] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-13] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
SecurityProviders: digest.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078 [2018-04-12]
FF Extension: (Avast SafePrice) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\Extensions\[email protected] [2018-04-09]
FF Extension: (Avast Online Security) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078\Extensions\[email protected] [2018-03-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [180984 2018-04-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-04-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783600 2018-04-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-04-09] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205352 2018-04-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-04-09] (AVAST Software)
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
S4 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2018-04-12] (Malwarebytes)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-12 20:27 - 2018-04-12 20:27 - 001764352 _____ (Farbar) C:\Documents and Settings\Philip\Desktop\FRST.exe
2018-04-12 19:54 - 2018-04-12 19:56 - 000010382 _____ C:\Documents and Settings\Philip\Desktop\Fixlog.txt
2018-04-11 21:28 - 2018-04-11 21:31 - 000037256 _____ C:\Documents and Settings\Philip\Desktop\Addition.txt
2018-04-11 21:26 - 2018-04-12 20:30 - 000015328 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-04-11 20:36 - 2018-04-11 20:36 - 000000000 __HDC C:\Program Files\WindowsUpdate
2018-04-11 20:05 - 2018-04-11 20:05 - 000000000 ____D C:\RegBackup
2018-04-11 16:10 - 2018-04-12 19:59 - 000000550 ____C C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-04-11 16:09 - 2018-04-11 16:09 - 000000000 ___DC C:\Program Files\Tweaking.com
2018-04-11 16:08 - 2018-04-09 15:58 - 000320728 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-11 16:07 - 2018-04-12 20:18 - 000190329 ____C C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-04-11 15:53 - 2018-04-11 15:53 - 000000000 ____D C:\a0a38d90b200f7819d
2018-04-11 15:16 - 2018-04-11 15:45 - 000271586 ____C C:\WINDOWS\ntbtlog.txt
2018-04-10 16:17 - 2018-04-10 16:17 - 000010140 _____ C:\Documents and Settings\Philip\Desktop\video.reg
2018-04-09 14:12 - 2018-04-09 22:03 - 000005505 _____ C:\Documents and Settings\Philip\Desktop\SearchReg.txt
2018-04-09 07:47 - 2005-12-13 17:40 - 000135168 ____C (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2018-04-04 12:53 - 2018-04-04 12:53 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\CrystalIdea Software
2018-04-03 20:50 - 2018-04-07 22:32 - 000262144 _____ C:\WINDOWS\system32\default_user_class.dat
2018-04-03 19:57 - 2018-04-03 19:57 - 000000000 ___DC C:\Program Files\UPHClean
2018-04-03 00:08 - 2018-04-05 21:33 - 000000356 _____ C:\VEW.txt
2018-04-02 22:38 - 2018-04-02 22:38 - 000061440 _____ ( ) C:\Documents and Settings\Philip\Desktop\VEW(1).exe
2018-03-30 22:01 - 2018-04-12 20:30 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\temp
2018-03-30 22:01 - 2018-04-12 20:19 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000012303 _____ C:\ComboFix.txt
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2018-03-30 22:01 - 2018-03-30 22:01 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2018-03-30 14:54 - 2018-03-30 21:20 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-03-13 11:29 - 2011-06-26 08:45 - 000256000 ____C C:\WINDOWS\PEV.exe
2018-03-13 11:29 - 2010-11-07 19:20 - 000208896 ____C C:\WINDOWS\MBR.exe
2018-03-13 11:29 - 2009-04-20 06:56 - 000060416 ____C (NirSoft) C:\WINDOWS\NIRCMD.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000518144 ____C (SteelWerX) C:\WINDOWS\SWREG.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000406528 ____C (SteelWerX) C:\WINDOWS\SWSC.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000212480 ____C (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000098816 ____C C:\WINDOWS\sed.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000080412 ____C C:\WINDOWS\grep.exe
2018-03-13 11:29 - 2000-08-31 02:00 - 000068096 ____C C:\WINDOWS\zip.exe
2018-03-13 11:28 - 2018-03-30 22:01 - 000000000 ____D C:\Qoobox
2018-03-13 11:22 - 2018-03-30 15:07 - 005659794 ____R (Swearware) C:\Documents and Settings\Philip\Desktop\ComboFix.exe
2018-03-13 11:05 - 2018-03-13 11:05 - 001543360 _____ (COMODO) C:\Documents and Settings\Philip\Desktop\ciscleanuptool_x86.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-12 20:29 - 2018-02-05 00:00 - 000000000 ____D C:\FRST
2018-04-12 20:20 - 2004-08-11 18:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-04-12 20:10 - 2018-03-07 13:47 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-04-12 20:05 - 2004-08-11 18:07 - 000539720 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-12 20:02 - 2018-03-12 07:58 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-04-12 19:59 - 2017-11-27 16:04 - 000221112 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-04-12 19:59 - 2004-08-11 18:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-04-12 19:57 - 2013-01-27 18:01 - 000032540 ____C C:\WINDOWS\SchedLgU.Txt
2018-04-12 19:57 - 2006-07-22 00:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-04-12 19:57 - 2006-07-22 00:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-04-12 19:55 - 2004-08-11 18:11 - 000000000 ___DC C:\WINDOWS\Registration
2018-04-12 19:08 - 2018-03-07 13:46 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-12 18:25 - 2018-03-10 21:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-04-11 20:51 - 2018-03-10 21:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-11 20:51 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-04-11 20:45 - 2018-03-12 07:37 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2018-04-11 20:45 - 2018-03-12 07:37 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2018-04-11 20:05 - 2004-08-11 18:00 - 000000195 __RSH C:\boot.ini
2018-04-11 16:12 - 2018-03-07 13:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-04-11 16:03 - 2004-08-11 18:02 - 000000000 __HDC C:\WINDOWS\inf
2018-04-11 15:58 - 2006-07-22 22:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-04-11 15:56 - 2004-08-11 18:20 - 000000000 __SHD C:\Documents and Settings\NetworkService
2018-04-11 15:56 - 2004-08-11 18:20 - 000000000 ____D C:\Documents and Settings\Administrator
2018-04-09 15:58 - 2018-03-07 13:46 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000205352 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-04-09 15:58 - 2018-03-07 13:46 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-09 15:57 - 2018-03-07 13:46 - 000783600 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-09 15:57 - 2018-03-07 13:46 - 000180984 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-09 07:48 - 2006-06-29 15:05 - 000000000 ___DC C:\WINDOWS\system32\ReinstallBackups
2018-04-04 12:52 - 2018-01-08 21:09 - 001682344 _____ (SpeedyFox) C:\Documents and Settings\Philip\Desktop\speedyfox.exe
2018-03-30 21:57 - 2004-08-11 18:00 - 000000227 _____ C:\WINDOWS\system.ini
2018-03-30 21:20 - 2013-02-09 17:50 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-03-30 20:34 - 2004-08-11 18:00 - 000000027 ____C C:\WINDOWS\system32\Drivers\etc\hosts_bak_257
2018-03-30 15:37 - 2009-02-03 11:46 - 000000000 ___DC C:\WINDOWS\ERDNT
2018-03-13 10:51 - 2007-04-29 19:06 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\McAfee

==================== Files in the root of some directories =======

2006-07-22 05:46 - 2000-03-14 01:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 20:20 - 2008-10-27 20:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 17:42 - 2009-01-28 21:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 17:18 - 2015-02-22 16:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 19:38 - 2010-03-30 19:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 21:30 - 2006-07-24 21:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 10:18 - 2007-11-29 10:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 18:19 - 2017-01-02 22:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 21:16 - 2012-08-28 21:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 17:52 - 2009-04-20 18:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 15:21 - 2006-06-29 15:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Philip (12-04-2018 20:31:09)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - Genesis Mobile)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4446 - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.7.3 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.7.3 ESR (x86 en-GB)) (Version: 52.7.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.3.6655 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version:  - )
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem  (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system  (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc  (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA  (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394  (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-12-13] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-04-09 15:58 - 2018-04-09 15:58 - 000349912 ____C () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000295640 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000282840 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-04-12 18:17 - 2018-04-12 18:17 - 005817488 ____C () C:\Program Files\AVAST Software\Avast\defs\18041202\algo.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000763608 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000888536 ____C () C:\Program Files\avast software\avast\anen.dll
2018-04-09 15:57 - 2018-04-09 15:57 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000969944 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-04-09 15:58 - 2018-04-09 15:58 - 000501464 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2008-12-15 17:17 - 2008-12-15 17:17 - 000090112 ____C () C:\WINDOWS\system32\CmdLineExt.dll
2018-03-07 13:45 - 2018-03-07 13:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2017-11-27 16:03 - 2018-01-14 21:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-12-15 17:17 - 2008-12-15 17:17 - 000126976 _____ () C:\WINDOWS\system32\UAService7.exe
2004-08-11 18:00 - 2013-01-02 08:49 - 001292288 ____C () C:\WINDOWS\System32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 5486 more sites.


There are 4143 more sites.


There are 4143 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 18:00 - 2018-04-11 20:45 - 000000855 ____C C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

==================== Restore Points =========================

11-04-2018 15:46:21 Restore Operation
11-04-2018 16:03:43 Installed Windows XP Wdf01009.
11-04-2018 16:14:48 Tweaking.com - Windows Repair 2018

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {9B21FD3A-B1AB-4EB9-956F-E56ACFE78BCE}
Manufacturer: Toshiba
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2018 06:46:10 PM) (Source: COM+) (EventID: 4689) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070005: InitEventCollector failed

Error: (04/12/2018 06:29:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.

Error: (04/11/2018 08:47:50 PM) (Source: COM+) (EventID: 4689) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (04/11/2018 08:47:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (04/11/2018 08:47:43 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (04/11/2018 08:47:42 PM) (Source: VSS) (EventID: 4101) (User: )
Description: Volume Shadow Copy Service error: Cannot obtain the collection 'Applications' from the COM+ catalog [0x8007043c].

Error: (04/11/2018 08:47:24 PM) (Source: COM+) (EventID: 4689) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed

Error: (04/11/2018 08:47:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.


System errors:
=============
Error: (04/12/2018 07:59:14 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/12/2018 07:55:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/11/2018 08:51:43 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/11/2018 08:50:08 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/11/2018 08:49:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Tweaking Run As System 0033 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/11/2018 08:49:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Tweaking Run As System 0033 service to connect.

Error: (04/11/2018 08:49:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Tweaking Run As System 0032 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/11/2018 08:49:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Tweaking Run As System 0032 service to connect.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 70%
Total physical RAM: 1014.37 MB
Available physical RAM: 300.59 MB
Total Virtual: 2440.74 MB
Available Virtual: 1504.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:27.11 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================

 

A reboot just took 3min 16sec.


  • 0

#130
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Follow the manual steps on

https://support.micr...mmand-on-a-wind

 

I know it says for 2003 but it should be the same for XP.  Export the key before you delete anything so you can put it back if something goes wrong.


  • 0



#131
PhilipW97


    Member

  • Topic Starter
  • Member
  • 147 posts

Had a busy day, so only just got the time to do this, but it seems to have worked: at the cmd prompt I got a list of 3 writers.

 

So, where do we go next?


  • 0

#132
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Time a reboot.

 

Run VEW as before and post both logs.
 


  • 0

#133
PhilipW97


    Member

  • Topic Starter
  • Member
  • 147 posts

Reboot 3min 06 sec of which 1min 02  sec was the shut down.

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/04/2018 18:06:15

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/04/2018 18:07:28

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/04/2018 17:54:51
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ENILLION\Philip registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 


  • 0

#134
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

To confirm that UPHClean is installed and running, click Start, and then click Run.

In the Open box, type the following text, and then click OK:

services.msc

In Services, in the Name column, locate User Profile Hive Cleanup. In the Status column, confirm that the User Profile Hive Cleanup service is Started.

 

If you don't see it reinstall it:

 

http://www.majorgeek...up_service.html

 

If you have to reinstall it then clear the events and reboot then run VEW again.

 

Let's also check Process Explorer:

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 


  • 0

#135
PhilipW97


    Member

  • Topic Starter
  • Member
  • 147 posts

Yes UPHClean was running.

 

Here is the VEW log:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    98.44    0 K    28 K    0            
procexp.exe    1.56    16,084 K    23,648 K    796    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    
Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
ZCfgSvc.exe        10,888 K    16,312 K    1948    Intel® PROSet/Wireless Zero Config Service    Intel® Corporation    
wscntfy.exe        520 K    2,188 K    2448    Windows Security Center Notification App    Microsoft Corporation    
wmiprvse.exe        3,684 K    8,128 K    2712    WMI    Microsoft Corporation    
winlogon.exe        6,724 K    4,748 K    672    Windows NT Logon Application    Microsoft Corporation    
uphclean.exe        588 K    1,528 K    2248    User Profile Hive Cleanup Service    Windows ® Codename Longhorn DDK provider    
unsecapp.exe        2,224 K    3,980 K    2568    WMI    Microsoft Corporation    
unsecapp.exe        2,256 K    4,288 K    3020    WMI    Microsoft Corporation    
unsecapp.exe        1,744 K    4,160 K    2784    WMI    Microsoft Corporation    
UAService7.exe        240 K    1,052 K    2268            
System        0 K    256 K    4            
svchost.exe        14,972 K    25,384 K    1036    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,320 K    3,564 K    908    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,912 K    4,416 K    956    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        2,384 K    3,340 K    1076    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,356 K    3,652 K    1220    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,160 K    3,092 K    1276    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,332 K    3,840 K    632    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,040 K    2,972 K    1284    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,032 K    2,940 K    1884    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        2,448 K    4,336 K    2168    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        2,876 K    4,636 K    2224    Generic Host Process for Win32 Services    Microsoft Corporation    
stsystra.exe        4,608 K    8,240 K    1940    Sigmatel Audio system tray application    SigmaTel, Inc.    
spoolsv.exe        4,136 K    6,392 K    492    Spooler SubSystem App    Microsoft Corporation    
smss.exe        172 K    440 K    588    Windows NT Session Manager    Microsoft Corporation    
services.exe        1,952 K    3,632 K    716    Services and Controller app    Microsoft Corporation    
S24EvMon.exe        11,580 K    17,480 K    1148    Intel® Wireless Management Service    Intel® Corporation    
RegSrvc.exe        948 K    3,524 K    2100    Intel® PROSet/Wireless Registry Service    Intel® Corporation    
MsMpEng.exe        44,304 K    51,052 K    996    Service Executable    Microsoft Corporation    
lsass.exe        7,140 K    10,156 K    728    LSA Shell (Export Version)    Microsoft Corporation    
igfxsrvc.exe        1,232 K    3,412 K    2012    igfxsrvc Module    Intel Corporation    
igfxpers.exe        680 K    2,888 K    1984    persistence Module    Intel Corporation    
iFrmewrk.exe        13,792 K    19,000 K    1956    Intel® PROSet/Wireless Framework    Intel® Corporation    
hkcmd.exe        692 K    2,776 K    1976    hkcmd Module    Intel Corporation    
GrooveMonitor.exe        1,772 K    5,372 K    1932    GrooveMonitor Utility    Microsoft Corporation    
explorer.exe        30,732 K    45,440 K    1644    Windows Explorer    Microsoft Corporation    
EvtEng.exe        14,080 K    17,968 K    1436    Intel® PROSet/Wireless Event Log Service    Intel® Corporation    
ctfmon.exe        924 K    3,240 K    1992    CTF Loader    Microsoft Corporation    
csrss.exe        1,964 K    6,700 K    648    Client Server Runtime Process    Microsoft Corporation    
AvastUI.exe        85,016 K    19,200 K    2756    Avast Antivirus    AVAST Software    
AvastUI.exe        146,096 K    156,268 K    1912    Avast Antivirus    AVAST Software    
AvastSvc.exe        115,108 K    40,964 K    1480    Avast Service    AVAST Software    
aswidsagent.exe        20,204 K    29,748 K    1500    Avast Behavior Shield    AVAST Software    
alg.exe        1,084 K    3,264 K    3116    Application Layer Gateway Service    Microsoft Corporation    

 


  • 0
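A way to triage a saved Process Explorer listing like the one posted above, as an added example that is not part of the original thread: it flags processes with no version information and, only when the Verified Signer column is actually populated, processes whose signature is not marked verified. The tab-delimited layout, the `(Verified)` prefix and the sample rows (including the two `example*.exe` names) are assumptions constructed for illustration.

```python
import csv
import io

PSEUDO = {"System Idle Process", "System", "Interrupts"}  # no image file to sign

# Constructed sample rows using the column header from the listing above.
SAMPLE = (
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\t"
    "Company Name\tVerified Signer\n"
    "System Idle Process\t98.44\t0 K\t28 K\t0\t\t\t\n"
    "Interrupts\t< 0.01\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t\n"
    "svchost.exe\t\t1,320 K\t3,564 K\t908\tGeneric Host Process for Win32 "
    "Services\tMicrosoft Corporation\t(Verified) Microsoft Windows\n"
    "exampleupdater.exe\t\t240 K\t1,052 K\t2268\t\t\t\n"
    "examplehelper.exe\t0.50\t4,608 K\t8,240 K\t1940\tExample Helper\t"
    "Example Corp\t(No signature was present in the subject) Example Corp\n"
)

def parse(text):
    """Return one dict per process row, keyed by the header names."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    return [{k: (v or "").strip() for k, v in row.items() if k}
            for row in reader]

def signer_check_ran(rows):
    """False when no row has a signer value: verification produced nothing."""
    return any(r.get("Verified Signer") for r in rows)

def triage(rows):
    """List (process, pid, reasons) for rows that deserve a closer look."""
    ran = signer_check_ran(rows)
    findings = []
    for r in rows:
        if r["Process"] in PSEUDO:
            continue
        reasons = []
        if not r["Description"] and not r["Company Name"]:
            reasons.append("no version info")
        # Assumption: a verified image's signer text starts with "(Verified)".
        if ran and not r["Verified Signer"].startswith("(Verified)"):
            reasons.append("signature not verified")
        if reasons:
            findings.append((r["Process"], r["PID"], reasons))
    return findings

if __name__ == "__main__":
    for name, pid, reasons in triage(parse(SAMPLE)):
        print(f"{name} (PID {pid}): {', '.join(reasons)}")
```

When the signer column is empty on every row, `signer_check_ran` returns False and only the missing version information is reported, since an empty column says nothing about whether an image is signed.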





