Need My Computer Checked for Malware [Solved]


  • This topic is locked

#1
Chimiti


I have a Dell Optiplex 780 with Windows XP Pro SP3.  I have avast 12.3.2280.  I have that version because that is the last / highest version that works on my computer.  I am using Maxthon MX5 5.2.6.1000 and NetZero Dial Up.

On and off since back around November / December 2018 my computer has acted up.  The main symptom is that suddenly, while my NetZero IS connected to the Net, I just cannot bring up any websites.  I'll just get the error that would typically get displayed when not connected to the Net ... but, I AM connected.

At the bottom of my Maxthon MX5 browser it'll just keep saying "Resolving Host."

 

Sometimes when leaving my browser up and running for a while without any interaction from me, I'll come back and things are locked up and the Task Manager will indicate around 50% Mem Usage.  It'll usually be one Maxthon task causing that.  That didn't use to happen.  (Same Maxthon version as when this didn't use to happen.)

On the Task Manager, when avast is updating the Virus Definitions, instead of the instup task indicating around 100,000 plus Mem Usage like normal ... it'll instead indicate around 30,000 or so and take a lot longer to update.

Sometimes also the Dell Blue Progress Bar at bootup takes way longer to complete and disappear.  And there'll be an indication of "Keyboard not recognized."  And System Restore will cease to work.

I'll also sometimes get an Access Error when accessing my PortableApps.com platform on my flash drive.

Bottom line ... eventually, in one way or another, after arduous troubleshooting and work, the problem will usually be made to go away by avast being reinstalled.  So, it's almost as if avast keeps mysteriously breaking after a while.  An avast Repair attempt actually made things worse.

I ran MBAM and 0 threats were detected.  SAS has never found anything either.  avast scans have also never found anything either.

Here are my FRST and Addition files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2019

Ran by Administrator (administrator) on PC1994-03 (22-02-2019 15:17:13)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NetZero, Inc.) C:\Program Files\NetZero\exec.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIPBE.EXE
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\StartupManager.exe
(NetZero, Inc.) C:\Program Files\NetZero\exec.exe
(NetZero, Inc.) C:\Program Files\NetZero\qsacc\X1Exec.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Maxthon International ltd.) C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Bin\Maxthon.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2019-02-15] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-137174479-2924842710-3575905866-500\...\Run: [NetZero_uoltray] => C:\Program Files\NetZero\exec.exe [1797632 2012-04-26] (NetZero, Inc.)
HKU\S-1-5-21-137174479-2924842710-3575905866-500\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIPBE.EXE [380400 2014-11-13] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-137174479-2924842710-3575905866-500\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44024 2019-01-25] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-137174479-2924842710-3575905866-500\...\Policies\Explorer: [Intellimenus] 1
HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2008-04-14] (Microsoft Windows Component Publisher -> DSP GROUP, INC.)
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2008-04-14] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2008-04-14] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv41] => C:\WINDOWS\system32\ir41_32.ax [848384 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2009-09-01] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [msacm.iac2] => C:\WINDOWS\system32\iac25_32.ax [199680 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\system32\ir50_32.dll [755200 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -> C:\WINDOWS\system32\ieudinit.exe [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2007-06-26] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{5945c046-1e7d-11d1-bc44-00c04fd912be}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8b15971b-5355-4c82-8c07-7e181ea07608}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{94de52c8-2d59-4f1b-883e-79663d2d9a8c}] -> C:\WINDOWS\system32\Setup\FxsOcm.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SUPERAntiSpyware.com -> SuperAdBlocker.com)
BootExecute: autocheck autochk *  
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{A493FDB9-03AD-48CF-8D97-FF2AE1019BAB}: [NameServer] 64.136.44.74 64.136.52.74
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-137174479-2924842710-3575905866-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-137174479-2924842710-3575905866-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://my.netzero.net/s/search?r=minisearch
URLSearchHook: [S-1-5-21-137174479-2924842710-3575905866-500] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-137174479-2924842710-3575905866-500 - (No Name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -  No File
SearchScopes: HKU\S-1-5-21-137174479-2924842710-3575905866-500 -> {88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} URL = hxxp://search.netzero.net/search?action=search&source=browserboxapp_isp&query={searchTerms}
SearchScopes: HKU\S-1-5-21-137174479-2924842710-3575905866-500 -> {B6FB0255-6DC7-4333-B44C-ABEB1DBC2649} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO: NetZero Toolbar Helper -> {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\NetZero\ucreg.dll [2012-04-26] (NetZero Inc -> NetZero, Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262707538406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-03] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-07] [Legacy] [not signed]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-07-17] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
 
Opera: 
=======
OPR Extension: (No Name) - C:\Program Files\Opera 36.0.2130.65\36.0.2130.65\resources\addons_portal_app []
OPR Extension: (No Name) - C:\Program Files\Opera 36.0.2130.65\36.0.2130.65\resources\history []
OPR Extension: (No Name) - C:\Program Files\Opera 36.0.2130.65\36.0.2130.65\resources\downloads []
OPR Extension: (No Name) - C:\Program Files\Opera 36.0.2130.65\36.0.2130.65\resources\docs_minimal_app []
OPR Extension: (No Name) - C:\Program Files\Opera 36.0.2130.65\36.0.2130.65\resources\activity []
OPR Extension: (No Name) - C:\Program Files\Opera 36.0.2130.65\36.0.2130.65\resources\bookmark_manager []
OPR Extension: (No Name) - C:\Program Files\Opera 36.0.2130.65\36.0.2130.65\resources\pdf []
OPR Extension: (No Name) - C:\Program Files\Opera 36.0.2130.65\36.0.2130.65\resources\hangout_services []
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera 36.0.2130.65\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-07-25] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2019-02-15] (AVAST Software a.s. -> AVAST Software)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [126128 2012-05-16] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S4 Intel PDS; C:\WINDOWS\system32\CBA\pds.exe [32825 2014-06-19] (LANDesk Software Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-07-17] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{EF84A5AC-F9DF-447C-B814-EDFA54E23E80} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 WiseBootAssistant; J:\PortableApps\Wise Care 365\BootTime.exe [658600 2018-12-06] (Lespeed Technology Ltd. -> WiseCleaner.com)
S2 MxService; C:\Program Files\Maxthon5\Bin\MxService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINDOWS\System32\drivers\ADIHdAud.sys [339456 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
S4 AliIde; C:\WINDOWS\system32\DRIVERS\aliide.sys [5248 2001-08-17] (Microsoft Windows Component Publisher -> Acer Laboratories Inc.)
S4 asc; C:\WINDOWS\system32\DRIVERS\asc.sys [26496 2001-08-17] (Microsoft Windows Component Publisher -> Advanced System Products, Inc.)
S4 asc3550; C:\WINDOWS\system32\DRIVERS\asc3550.sys [14848 2001-08-17] (Microsoft Windows Component Publisher -> Advanced System Products, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2019-02-15] (AVAST Software a.s. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2019-02-15] (AVAST Software a.s. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2019-02-15] (AVAST Software a.s. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [60424 2019-02-15] (AVAST Software a.s. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2019-02-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2019-02-15] (AVAST Software s.r.o. -> AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2019-02-15] (AVAST Software a.s. -> AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2019-02-15] (AVAST Software a.s. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224752 2019-02-15] (AVAST Software s.r.o. -> AVAST Software)
S4 CmdIde; C:\WINDOWS\system32\DRIVERS\cmdide.sys [6656 2001-08-17] (Microsoft Windows Component Publisher -> CMD Technology, Inc.)
S4 dac2w2k; C:\WINDOWS\system32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Microsoft Windows Component Publisher -> Mylex Corporation)
R2 DgiVecp; C:\WINDOWS\System32\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) [File not signed]
R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [192168 2011-05-04] (Intel Corporation -> Intel Corporation)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [25864 2019-02-20] (Glarysoft LTD -> Glarysoft Ltd)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Microsoft Windows Component Publisher -> Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Microsoft Windows Component Publisher -> Conexant Systems, Inc.)
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [6316160 2009-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 ldblank; C:\WINDOWS\System32\DRIVERS\ldblank.sys [14848 2014-06-19] (Microsoft Windows Hardware Compatibility Publisher -> LANDesk Software, Inc. and its affiliates.)
R3 ldmirror; C:\WINDOWS\System32\DRIVERS\ldmirror.sys [5120 2014-06-19] (Microsoft Windows Hardware Compatibility Publisher -> LANDesk Software, Inc. and its affiliates.)
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [11868 2008-04-13] (Microsoft Windows Component Publisher -> Conexant)
R3 mirrorflt; C:\WINDOWS\System32\DRIVERS\mirrorflt.sys [6656 2014-06-19] (Microsoft Windows Hardware Compatibility Publisher -> LANDesk Software, Inc. and its affiliates.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30368 2011-04-15] (Intel Corporation -> Intel Corporation )
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S4 ql1080; C:\WINDOWS\system32\DRIVERS\ql1080.sys [40320 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
S4 ql12160; C:\WINDOWS\system32\DRIVERS\ql12160.sys [45312 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
S4 ql1280; C:\WINDOWS\system32\DRIVERS\ql1280.sys [49024 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Sonic Focus, Inc)
S4 symc810; C:\WINDOWS\system32\DRIVERS\symc810.sys [16256 2001-08-17] (Microsoft Windows Component Publisher -> Symbios Logic Inc.)
S4 symc8xx; C:\WINDOWS\system32\DRIVERS\symc8xx.sys [32640 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
S4 sym_hi; C:\WINDOWS\system32\DRIVERS\sym_hi.sys [28384 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
S4 sym_u3; C:\WINDOWS\system32\DRIVERS\sym_u3.sys [30688 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
S4 ultra; C:\WINDOWS\system32\DRIVERS\ultra.sys [36736 2001-08-17] (Microsoft Windows Component Publisher -> Promise Technology, Inc.)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Microsoft Windows Component Publisher -> Conexant Systems, Inc.)
S3 mfeaack; system32\drivers\mfeaack.sys [X]
S3 mfeapfk; system32\drivers\mfeapfk.sys [X]
S3 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfehidk; system32\drivers\mfehidk.sys [X]
S1 mfetdik; system32\drivers\mfetdik.sys [X]
S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-22 15:17 - 2019-02-22 15:17 - 000022213 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2019-02-22 15:07 - 2019-02-22 15:07 - 000234368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-22 14:55 - 2019-02-21 08:11 - 000032536 _____ C:\Documents and Settings\Administrator\My Documents\Addition.txt
2019-02-22 14:55 - 2019-02-21 08:11 - 000031306 _____ C:\Documents and Settings\Administrator\My Documents\FRST.txt
2019-02-21 07:50 - 2019-02-22 15:17 - 000000000 ____D C:\FRST
2019-02-21 07:03 - 2019-02-21 07:02 - 001793024 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2019-02-20 17:11 - 2019-02-20 17:11 - 000001379 _____ C:\Documents and Settings\Administrator\Desktop\Maxthon MX5.lnk
2019-02-20 17:05 - 2019-02-20 17:05 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000
2019-02-20 15:39 - 2019-02-20 15:39 - 000000238 _____ C:\WINDOWS\Tasks\GU5SkipUAC.job
2019-02-20 15:32 - 2019-02-22 08:18 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\GlarySoft
2019-02-20 15:32 - 2019-02-20 15:32 - 000025864 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2019-02-20 15:32 - 2019-02-20 15:32 - 000000768 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 5.lnk
2019-02-20 15:32 - 2019-02-20 15:32 - 000000762 _____ C:\Documents and Settings\All Users\Desktop\Glary Utilities 5.lnk
2019-02-20 15:32 - 2019-02-20 15:32 - 000000000 ____D C:\Program Files\Glary Utilities 5
2019-02-20 15:32 - 2019-02-20 15:32 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 5
2019-02-19 08:25 - 2019-02-19 08:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2019-02-15 09:35 - 2019-02-22 15:08 - 000000364 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2019-02-15 08:09 - 2019-02-15 08:09 - 000001696 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2019-02-15 08:09 - 2019-02-15 08:09 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2019-02-15 08:09 - 2019-02-15 08:09 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\AVAST Software
2019-02-15 08:08 - 2019-02-15 09:42 - 000433768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2019-02-15 08:08 - 2019-02-15 09:42 - 000224752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2019-02-15 08:08 - 2019-02-15 09:41 - 000735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2019-02-15 08:08 - 2019-02-15 08:08 - 000319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-02-15 08:08 - 2019-02-15 08:08 - 000184592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2019-02-15 08:08 - 2019-02-15 08:08 - 000092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-02-15 08:08 - 2019-02-15 08:08 - 000066688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2019-02-15 08:08 - 2019-02-15 08:08 - 000064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2019-02-15 08:08 - 2019-02-15 08:08 - 000060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-02-15 08:08 - 2019-02-15 08:08 - 000053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2019-02-15 08:08 - 2019-02-15 08:08 - 000034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2019-02-15 08:08 - 2019-02-15 08:08 - 000000000 ____D C:\Program Files\AVAST Software
2019-02-15 08:08 - 2019-02-15 08:08 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2019-02-13 08:15 - 2019-02-13 08:15 - 000000262 _____ C:\Documents and Settings\Administrator\Desktop\PortableApps.lnk
2019-02-12 19:46 - 2019-02-12 19:46 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\DiskDefrag
2019-02-08 16:37 - 2019-02-08 16:37 - 000001572 _____ C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk
2019-02-08 16:37 - 2019-02-08 16:37 - 000000692 _____ C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
2019-02-08 16:37 - 2019-02-08 16:37 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\IrfanView
2019-02-08 16:36 - 2019-02-08 16:37 - 000000000 ____D C:\Program Files\IrfanView
2019-02-05 23:43 - 2019-02-05 23:43 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2019-02-03 11:43 - 2019-02-03 11:43 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\Any Video Converter
2019-02-03 10:34 - 2019-01-28 13:05 - 001737984 _____ (Tracker Software Products (Canada) Ltd.) C:\WINDOWS\system32\pxcpmL.dll
2019-02-03 10:31 - 2019-02-03 10:34 - 000000000 ____D C:\Program Files\Tracker Software
2019-02-03 10:31 - 2019-02-03 10:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tracker Software
2019-02-03 10:31 - 2019-02-03 10:31 - 000000816 _____ C:\Documents and Settings\All Users\Desktop\PDF-XChange Editor.lnk
2019-02-03 10:31 - 2019-02-03 10:31 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\FileOpen
2019-01-26 08:43 - 2019-01-26 08:43 - 000000799 _____ C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
2019-01-26 08:43 - 2019-01-26 08:43 - 000000000 ____D C:\Program Files\FastStone Image Viewer
2019-01-26 08:43 - 2019-01-26 08:43 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Image Viewer
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-22 15:17 - 2016-07-25 14:07 - 000007710 _____ C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem.txt
2019-02-22 15:17 - 2008-04-25 14:32 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2019-02-22 15:07 - 2008-04-25 14:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-22 15:07 - 2008-04-25 09:16 - 000001158 _____ C:\WINDOWS\system32\wpa.dbl
2019-02-22 15:06 - 2008-04-25 14:32 - 000032496 _____ C:\WINDOWS\SchedLgU.Txt
2019-02-22 15:06 - 2008-04-25 14:32 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2019-02-22 14:15 - 2017-09-14 08:18 - 001118720 ___SH C:\Documents and Settings\Administrator\My Documents\Thumbs.db
2019-02-22 13:47 - 2018-09-17 19:56 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2019-02-21 07:15 - 2018-09-20 15:37 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-02-20 16:06 - 2008-04-25 14:32 - 000000000 ____D C:\Documents and Settings\Administrator
2019-02-20 14:47 - 2008-04-25 09:16 - 000000195 __RSH C:\boot.ini
2019-02-18 09:15 - 2016-07-25 08:10 - 000133632 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-02-15 08:09 - 2008-04-25 02:17 - 000000000 ___HD C:\WINDOWS\inf
2019-02-14 22:08 - 2008-04-25 02:21 - 000000000 ____D C:\Documents and Settings\All Users
2019-02-08 08:53 - 2018-10-13 17:05 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Anvsoft
2019-02-05 16:28 - 2016-08-04 20:01 - 000000000 ____D C:\WINDOWS\Minidump
2019-02-05 14:48 - 2010-01-05 08:57 - 000000000 __SHD C:\WINDOWS\CSC
2019-02-05 08:34 - 2008-04-25 14:32 - 000000000 __SHD C:\Documents and Settings\NetworkService
2019-02-05 08:34 - 2008-04-25 14:32 - 000000000 __SHD C:\Documents and Settings\LocalService
2019-02-05 08:34 - 2008-04-25 14:26 - 000000000 ____D C:\WINDOWS\Registration
2019-02-03 10:33 - 2015-01-10 00:37 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
 
==================== Files in the root of some directories =======
 
2016-11-28 08:44 - 2016-12-03 08:16 - 000000178 _____ () C:\Documents and Settings\Administrator\Application Data\licecap.ini
2016-07-25 08:10 - 2019-02-18 09:15 - 000133632 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\setup.txt
2009-12-30 08:09 - 2010-01-04 16:04 - 000000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-02-2019
Ran by Administrator (22-02-2019 15:18:06)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-01-04 21:04:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-137174479-2924842710-3575905866-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
cba_anonymous (S-1-5-21-137174479-2924842710-3575905866-1038 - Limited - Enabled)
Guest (S-1-5-21-137174479-2924842710-3575905866-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-137174479-2924842710-3575905866-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-137174479-2924842710-3575905866-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Flash Player 24 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Any Video Converter 6.2.9 (HKLM\...\Any Video Converter) (Version: 6.2.9 - Anvsoft)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
BOSS Fonts Manager (HKLM\...\BOSS Fonts Manager) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Easy Photo Scan (HKLM\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-330 Series Printer Uninstall (HKLM\...\EPSON XP-330 Series) (Version:  - Seiko Epson Corporation)
Epson XP-330 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson XP-330 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
FastStone Image Viewer 6.9 (HKLM\...\FastStone Image Viewer) (Version: 6.9 - FastStone Soft)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Glary Utilities 5.113 (HKLM\...\Glary Utilities 5) (Version: 5.113.0.138 - Glarysoft Ltd)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
IrfanView 4.52 (32-bit) (HKLM\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
ISO2Disc 1.10 (HKLM\...\ISO2Disc_is1) (Version:  - Top Password Software, Inc.)
Java™ 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.210 - Sun Microsystems, Inc.)
LANDESK Advance Agent (HKLM\...\{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}) (Version: 1.0.0 - LANDesk Software) Hidden
LANDesk Advance Agent (HKLM\...\{9CCB5C4C-3A67-4F0F-A445-69E0AC2B740B}) (Version: 1.0.0 - LANDesk Software) Hidden
LANDesk® Common Base Agent 8 (HKLM\...\{45734758-4041-4EA8-8E62-DE661FC3879C}) (Version: 9.60.0.225 - LANDesk Software, Ltd) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2003 (HKLM\...\{90AF0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8305.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6412.0 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: 8.9.4.2 - NetZero, Inc.)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
PDF-XChange Editor (HKLM\...\{59594555-2481-48A3-875D-65123563E30A}) (Version: 7.0.328.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Lite Home (HKLM\...\{006968B9-DAD6-426A-AC18-377F1955A9E1}) (Version: 7.0.328.2 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Lite Home (HKLM\...\{025f139b-caa0-4a10-b7bb-73566685441e}) (Version: 7.0.328.2 - Tracker Software Products (Canada) Ltd.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-15] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-15] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-01-22] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-01-22] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-15] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers3: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2009-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-15] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-01-22] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON XP-330 Series Update {57C9ED0C-3F24-499D-9310-438390D449F0}.job => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TTSPBE.EXE:/EXE:{57C9ED0C-3F24-499D-9310-438390D449F0} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GU5SkipUAC.job => C:\Program Files\Glary Utilities 5\Integrator.exe
Task: C:\WINDOWS\Tasks\JetCleanLoginCheckUpdate.job => I:\PortableApps\JetClean Portable 1.5.0.129\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1469479329.job => C:\Program Files\Opera 36.0.2130.65\launcher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']
 
==================== Loaded Modules (Whitelisted) ==============
 
2019-02-15 08:08 - 2019-02-15 08:08 - 000169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2019-02-15 08:08 - 2019-02-15 08:08 - 000482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2019-02-15 08:08 - 2019-02-15 08:08 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-25 00:25 - 2019-01-25 00:25 - 000087024 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2008-04-25 09:16 - 2008-04-14 05:00 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-25 09:16 - 2008-04-14 05:00 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
2019-02-20 17:05 - 2018-12-04 20:12 - 001936672 _____ () C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Core\swiftshader\libglesv2.dll
2019-02-20 17:05 - 2018-12-04 20:12 - 000119584 _____ () C:\Documents and Settings\Administrator\Application Data\Maxthon MX5 Portable 5.2.6.1000\MaxthonPortable\Core\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-25 09:16 - 2019-02-20 14:52 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-137174479-2924842710-3575905866-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 64.136.44.74 - 64.136.52.74
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\WINDOWS\explorer.exe] => Disabled:Windows Explorer
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
DomainProfile\AuthorizedApplications: [C:\WINDOWS\system32\cba\pds.exe] => Enabled:LANDesk Ping Discovery Service
DomainProfile\AuthorizedApplications: [C:\WINDOWS\system32\msgsys.exe] => Enabled:LANDesk Message Service
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\cba\pds.exe] => Enabled:LANDesk Ping Discovery Service
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msgsys.exe] => Enabled:LANDesk Message Service
StandardProfile\AuthorizedApplications: [J:\PortableApps\MaxthonPortable\MaxthonPortable.exe] => Enabled:MaxthonPortable
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\Event Manager\EEventManager.exe] => Enabled:EEventManager.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe] => Enabled:Avast Emergency Update
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management 
DomainProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
StandardProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
 
==================== Restore Points =========================
 
06-01-2019 07:43:45 System Checkpoint
06-01-2019 07:43:49 System Checkpoint
14-02-2019 23:00:18 System Checkpoint
06-01-2019 07:43:53 System Checkpoint
06-01-2019 07:43:56 System Checkpoint
06-01-2019 07:44:00 System Checkpoint
06-01-2019 07:44:03 System Checkpoint
14-02-2019 23:00:21 System Checkpoint
06-01-2019 07:44:13 System Checkpoint
06-01-2019 07:44:19 System Checkpoint
06-01-2019 07:44:26 System Checkpoint
06-01-2019 07:44:30 System Checkpoint
08-01-2019 08:14:27 System Checkpoint
05-01-2019 22:59:02 System Checkpoint
21-01-2019 08:04:55 System Checkpoint
21-01-2019 08:05:02 System Checkpoint
21-01-2019 08:05:06 System Checkpoint
10-01-2019 08:46:16 System Checkpoint
21-01-2019 08:05:10 System Checkpoint
21-01-2019 08:05:13 System Checkpoint
21-01-2019 08:05:16 System Checkpoint
21-01-2019 08:05:19 System Checkpoint
15-01-2019 17:14:41 System Checkpoint
21-01-2019 08:05:23 System Checkpoint
21-01-2019 08:05:27 System Checkpoint
21-01-2019 08:05:31 System Checkpoint
24-01-2019 07:45:34 System Checkpoint
20-01-2019 22:02:39 System Checkpoint
29-01-2019 08:04:25 System Checkpoint
29-01-2019 08:04:29 System Checkpoint
29-01-2019 08:04:33 System Checkpoint
25-01-2019 09:56:23 POST:  avast Boot Time Scan & MBAM 0 Threat Scan -- Internet Access Questionable
29-01-2019 08:04:43 JRT Pre-Junkware Removal
29-01-2019 08:04:47 Pre-avast Uninstall to Reinstall
29-01-2019 08:04:51 Installed Windows XP Wdf01009.
03-02-2019 14:38:45 System Checkpoint
03-02-2019 14:38:47 System Checkpoint
03-02-2019 14:38:54 System Checkpoint
30-01-2019 12:26:29 System Checkpoint
03-02-2019 14:38:59 System Checkpoint
03-02-2019 14:39:02 System Checkpoint
03-02-2019 14:39:09 Pre Maxthon 4 Uninstall
06-02-2019 08:07:43 System Checkpoint
03-02-2019 14:39:26 PDF-XChange Lite Home
03-02-2019 14:39:30 Removed PDF-XChange Editor
03-02-2019 14:39:38 Installed PDF-XChange Editor
03-02-2019 14:39:42 PDF-XChange Lite Home
06-02-2019 08:07:51 Installed PDF-XChange Lite Home
06-02-2019 08:07:55 System Checkpoint
06-02-2019 08:08:14 Restore Operation
06-02-2019 08:08:20 Installed Windows XP Wdf01009.
05-02-2019 14:04:19 Restore Operation
05-02-2019 14:13:39 Restore Operation
05-02-2019 14:15:54 Restore Operation
05-02-2019 14:18:06 Restore Operation
07-02-2019 08:14:40 Before Removing avast to Reinstall
06-02-2019 08:08:27 Installed Windows XP Wdf01009.
05-02-2019 16:45:04 All CLEANED and Ready for avast Install
08-02-2019 16:42:21 Installed Windows XP Wdf01009.
08-02-2019 16:42:28 Toto Manual Routine System Restore Point
10-02-2019 08:00:00 System Checkpoint
10-02-2019 08:00:08 Before Wise Program Uninstaller Folder Removal
11-02-2019 08:11:49 Toto Manual Routine System Restore Point
10-02-2019 07:59:18 Toto Manual Routine System Restore Point
13-02-2019 08:17:56 Toto Manual Routine System Restore Point
14-02-2019 08:25:05 System Checkpoint
14-02-2019 23:00:10 Toto Manual Routine System Restore Point
14-02-2019 08:04:16 Toto Manual Routine System Restore Point
16-02-2019 08:07:50 Before avast Repair Attempt
16-02-2019 08:07:56 Installed Windows XP Wdf01009.
14-02-2019 23:00:48 Post avast Repair
14-02-2019 20:33:57 Restore Operation
16-02-2019 08:08:03 Pre LANDesk Removal
14-02-2019 22:58:27 FIXED - No avast - No Glary -  No Wise
17-02-2019 07:58:23 Pre avast Install - Post Symptoms Fixed Previous Night
16-02-2019 08:08:40 Installed Windows XP Wdf01009.
15-02-2019 08:25:28 Immediately After avast Installed
18-02-2019 08:25:24 Toto Manual Routine System Restore Point
19-02-2019 07:30:25 Toto Manual Routine System Restore Point
18-02-2019 08:25:32 Pre MyBook External HD Hookup
20-02-2019 08:10:49 Toto Manual Routine System Restore Point
19-02-2019 07:29:56 Toto Manual Routine System Restore Point
20-02-2019 08:10:22 Toto Manual Routine System Restore Point
20-02-2019 13:29:05 Before Windows Repair AIO Maintenance
20-02-2019 14:59:30 Post Tweaking.com Maintenance: Repaired Environmental Paramenters - Hosts File - Safe Mode
21-02-2019 07:48:55 Pre Farbar and All avast Forums Changes
22-02-2019 09:19:51 System Checkpoint
22-02-2019 15:09:55 Pre FRST Scan for Geeks to Go - CLEANED
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/22/2019 03:07:30 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (02/22/2019 03:07:30 PM) (Source: UserInit) (EventID: 1000) (User: )
Description: Could not execute the following script \\US.CED.local\SysVol\US.CED.local\scripts\AddGroup1.vbs. The network location cannot be reached. For information about network troubleshooting, see Windows Help.
.
 
Error: (02/22/2019 03:07:30 PM) (Source: UserInit) (EventID: 1000) (User: )
Description: Could not execute the following script \\US.CED.local\SysVol\US.CED.local\scripts\ChgPswd2.vbs. The network location cannot be reached. For information about network troubleshooting, see Windows Help.
.
 
Error: (02/22/2019 03:07:30 PM) (Source: UserInit) (EventID: 1000) (User: )
Description: Could not execute the following script \\US.CED.local\SysVol\US.CED.local\scripts\ChgPswd1.vbs. The network location cannot be reached. For information about network troubleshooting, see Windows Help.
.
 
Error: (02/22/2019 03:07:30 PM) (Source: UserInit) (EventID: 1000) (User: )
Description: Could not execute the following script \\US.CED.local\SysVol\US.CED.local\scripts\CreatePCAdmin.vbs. The network location cannot be reached. For information about network troubleshooting, see Windows Help.
.
 
Error: (02/22/2019 03:07:28 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
 
Error: (02/22/2019 07:56:27 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (02/22/2019 07:56:27 AM) (Source: UserInit) (EventID: 1000) (User: )
Description: Could not execute the following script \\US.CED.local\SysVol\US.CED.local\scripts\AddGroup1.vbs. The network location cannot be reached. For information about network troubleshooting, see Windows Help.
.
 
 
System errors:
=============
Error: (02/22/2019 03:10:47 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
 
Error: (02/22/2019 03:09:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
mfehidk
mfetdik
PBADRV
 
Error: (02/22/2019 03:09:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MxService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/22/2019 03:07:35 PM) (Source: Print) (EventID: 33) (User: NT AUTHORITY)
Description: The PrintQueue Container could not be found because the DNS Domain name could not be retrieved.  Error: 54b
 
Error: (02/22/2019 03:07:28 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain US due to the following: 
There are currently no logon servers available to service the logon request.
.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (02/22/2019 03:04:55 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain US due to the following: 
There are currently no logon servers available to service the logon request.
.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (02/22/2019 11:43:44 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.
 
Error: (02/22/2019 09:43:29 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 3547.52 MB
Available physical RAM: 2187.92 MB
Total Virtual: 7461.37 MB
Available Virtual: 6155.84 MB
 
==================== Drives ================================
 
Drive c: (C Drive) (Fixed) (Total:232.73 GB) (Free:194.8 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive j: () (Removable) (Total:29.17 GB) (Free:11.19 GB) FAT32
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: EC0328C2)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=232.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Protective MBR) (Size: 29.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0



#2
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it before proceeding.
  • If you don't respond to your topic in 4 days, it will be closed. You can have it reopened by contacting me or any staff member by pm with the address of the thread.
  • If you have questions about anything, please ask.
--------------------

I noticed you are running Windows XP. XP hasn't been updated since 2014 - that's about 5 years. Running an OS without updates for that long poses a serious security risk. The OS has numerous unpatched security holes. Additionally, applications that run on XP are often outdated - therefore adding to the security risk.

My personal recommendation would be to back up your data, and upgrade the operating system.

However, if you wish to continue troubleshooting the issues, let me know and we'll begin.

Thanks. :)
  • 0

#3
Chimiti

    Member

  • Topic Starter
  • Member
  • 169 posts

Oh, I know about the outdated status of Windows XP.  I just figured ... Geeks to Go still has a Windows XP forum, so ---- why not give it a shot.

 

So yeah, sure ... let's give it a shot.  IF you can find anything wrong / dangerous in my FRST files, we'll see if that helps neutralize my computer's problems.

 

So you've got the green light to give it a go, iMacg3.  :yes:


  • 0

#4
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

I don't see any evidence of malware in the logs. However, I do think Avast may be causing an issue.

Please uninstall Avast using the Avast removal tool, then restart the computer.

You can then install an Antivirus program other than Avast - here's a list of AV programs still compatible with XP: https://windowsrepor...service-pack-3/

Choose one other than Avast, and install it.

Let me know if the problem persists.

Thanks.
  • 2

#5
Chimiti

    Member

  • Topic Starter
  • Member
  • 169 posts

I was afraid that that's what it would turn out to be ... a case of Good News / Bad News.  Good News that my computer isn't infected ... Bad News that there is still an intermittent problem somewhere.

 

Interestingly enough, I've had my avast Virus Definitions update function disabled since February 20 and everything has been working great.  So maybe there IS a problem with the avast Virus Definitions updating function.  Maybe the definitions updates no longer play well with my very old avast 12.

 

Out of that list of anti-viruses, only Panda Cloud Free appears to fit my criteria ... of being FREE.  :D   I'm heading off right now to my sister's house to use her High Speed Internet so that I can download that Panda Cloud Free anti-virus onto my flash drive and bring it over here.  I'll then install it and see whether it plays well with my computer.  I'm a bit concerned about the "CLOUD" aspect of it in that I don't know if that's going to bog down my computer.  You know ... IF the constant Cloud activity is too much for my Dial Up Internet.  Then again, it could possibly work great.  We'll find out after I try it out.

 

Thanks for that suggestion, iMacg3.  And major thanks for checking out my computer's FRST files and giving me the results of no malware discovered. :thumbsup: I really appreciated your help. :spoton:  I'll let you know tomorrow if the Panda Cloud Free anti-virus is working fine and my computer's symptoms haven't popped back up.


  • 0

#6
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
OK, sounds good. Let me know how it goes :thumbsup:
  • 0

#7
Chimiti

    Member

  • Topic Starter
  • Member
  • 169 posts

Panda Dome is installed.  So far my computer has not experienced any of the symptoms that I had mentioned in my post.  Then again, they WERE intermittent symptoms.

 

I do notice that on some websites it does appear to be slower to render the pages, especially to completion ... vs. avast.  No doubt that is due to as I had feared would be the case ... the cloud activity instead of having the virus definitions ON the computer itself --- while on Dial Up.

 

I don't know.  I'll try it out some more.  It might be half a day or one or two days.  If the awareness of SLOW speed keeps being in my face, I might have to give avast another shot.

 

BTW, am I supposed to officially uninstall FRST?  I would have just deleted the icon, but I read somewhere that --- we are supposed to rename it to "uninstall.exe" or something along those lines and execute that?  Is that correct?

 

Either way, you already did your part, iMacg3.  It's peace of mind to know that my computer does not have any deeply-hidden malware that anti-viruses and the usual anti-malware apps don't find. Thanks again.


  • 0

#8
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

To uninstall FRST, right-click on it and select Rename. Rename the file to uninstall.exe, then double-click on it. Your computer will restart.

--------------------------

Let me know how the Panda AV works out. If it does slow down the web page connection too much, there are other AVs on the list that you can try.
  • 0

#9
Chimiti

    Member

  • Topic Starter
  • Member
  • 169 posts

FRST uninstalled.  DONE!

 

As to Panda?  As I alluded to ... it's odd how SOME websites, like Wikipedia, render as quickly as with avast.  The avast Forums render jussst a smidgen slower than avast, but basically the same as with avast.

 

I'll be asking some questions over on the Panda Forum.  Because for example:  While I could be wrong, I understood that Panda Dome doesn't really use and download Daily Virus Definitions Updates, but rather, uses the cloud.  But, then I got to thinking, "That cannot possibly be entirely true.  Otherwise how did I perform a FULL Scan last night while Offline?"  So I'm guessing that logically, at some point, with who knows what frequency ... Panda Dome MUST download SOMETHING that helps it do its job.  Like this morning, while I was loading MajorGeeks, a Panda popup came up on the lower right of my screen.  However, the text area of the popup was white BLANK.  It eventually disappeared.  I have no idea whether that was supposed to be a message informing me that an update download of some type was about to start ... or that it had ended ... or what.

 

I also don't know whether maybe upon installing Panda Dome, the first time one brings it up, it'll load a one time definitions file and of who knows what size.  For all I know, maybe Panda Dome is still little by little downloading some huge file.  I'll try to get to the bottom of this.

 

Out of that list of anti-viruses, only Panda Dome is my type --- FREE.  :laughing:


Edited by Chimiti, 25 February 2019 - 01:50 PM.

  • 0

#10
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Here's an article about how cloud antiviruses work: https://computer.how...d-antivirus.htm

Let me know if you have any questions. :)

Thanks.
  • 2

#11
Chimiti

    Member

  • Topic Starter
  • Member
  • 169 posts

Roger Wilco, iMacg3. :popcorn:  Thanks for the link.


  • 0

#12
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
:thumbsup:
  • 0

#13
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

It appears that this issue is resolved - therefore this topic is closed. Glad we could help. :)

If you still need help, please contact me or any staff member by pm with the address of the thread and request this topic be reopened.

Everyone else, begin a new topic.

Thanks.
  • 0





