Dell Dimension 9150 Running Windows XP



#16
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I'm going to have this moved to the malware forum so we can run FRST so I can see more of what's going on.

  • Get FRST from
  • You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

Since you have an XP disk can you install the Recovery Console?  http://www.bleepingc...covery-console/

    • 0



    #17
    Channeal


      Member

    • Topic Starter
    • Member
    • 879 posts
    Okay, thanks.

    I am off to bed now as it is 30 minutes past midnight here. I am a bit reluctant to turn off the computer, in case it does not boot up tomorrow.... so am probably going to leave it on. When I was uninstalling Paperport, it told me to restart in order to get rid of the last bit though.

    I only have the no-boot drive connected at the moment. Do you want me to turn both drives on to run the tests? (Will obviously have to reboot in that case).

    I will attempt to carry out your instructions tomorrow. Thanks for your help.
    • 0

    #18
    RKinner


      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Leave it on.  Now that we have it booted perhaps we can see something interesting.


    • 0

    #19
    Channeal


      Member

    • Topic Starter
    • Member
    • 879 posts

    Okay, I have attempted to carry out your instructions.........

     

    First of all, I got this message when starting FRST:

    ERDNTmissing.JPG

    • It will produce a log called FRST.txt in the same directory the tool is run from.  
    • Please copy and paste log back here.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
    Ran by User (administrator) on NEAL1 (03-08-2016 09:14:58)
    Running from C:\Documents and Settings\User\My Documents\Downloads
    Loaded Profiles: User (Available Profiles: User & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
    () C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
    (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    () C:\WINDOWS\system32\PSIService.exe
    (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
    () C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    () C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
    (Creative Technology Ltd) C:\Program Files\Creative\DVDAudio\CTDVDDET.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
    () C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    () C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Portrait Displays, Inc) C:\Program Files\Hewlett-Packard\HP My Display\dthtml.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
    (Spotify Ltd) C:\Documents and Settings\User\Application Data\Spotify\SpotifyWebHelper.exe
    (Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    () C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe
    (TomTom) C:\Program Files\TomTom\MySportsConnect\TomTom MySports Connect.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [ReminderApp] => C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe [144672 2009-10-20] ()
    HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
    HKLM\...\Run: [CTDVDDET] => C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE [45056 2003-06-18] (Creative Technology Ltd)
    HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [26112 2014-03-01] (Creative Technology Ltd)
    HKLM\...\Run: [PivotSoftware] => C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [694824 2009-03-03] ()
    HKLM\...\Run: [DT HPC] => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [123688 2013-01-10] (Portrait Displays, Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-11] (AVAST Software)
    HKLM\...\Run: [LauncherC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-08-13] (Dell Inc.)
    HKLM\...\Run: [StatusAutoRunC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3024360 2013-02-06] (Dell Inc.)
    HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
    HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [Spotify Web Helper] => C:\Documents and Settings\User\Application Data\Spotify\SpotifyWebHelper.exe [2346096 2016-01-20] (Spotify Ltd)
    HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690520 2016-06-01] (Piriform Ltd)
    HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [Touro Cloud Backup] => C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe [2063968 2014-10-24] ()
    HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [TomTom MySports Connect.exe] => C:\Program Files\TomTom\MySportsConnect\TomTom MySports Connect.exe [3834368 2016-06-20] (TomTom)
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe -update pepperplugin
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-29] (AVAST Software)
    ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
    ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
    ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
    ShellIconOverlayIdentifiers: [04MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
    Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-06-17]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
    Tcpip\..\Interfaces\{10191BB2-FF37-48CA-833D-6764C0A4FA75}: [DhcpNameServer] 194.168.4.100 194.168.8.100

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKU\S-1-5-21-220523388-1979792683-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.my.yahoo.com/
    HKU\S-1-5-21-220523388-1979792683-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-29] (AVAST Software)
    Toolbar: HKU\S-1-5-21-220523388-1979792683-1801674531-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1370086580859
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370086717752
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7nil7qv6.default-1439630893296
    FF Homepage: hxxps://uk.yahoo.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-18] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-220523388-1979792683-1801674531-1003: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
    FF Extension: ADB Helper - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7nil7qv6.default-1439630893296\Extensions\[email protected] [2016-05-17]
    FF Extension: Ghostery - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7nil7qv6.default-1439630893296\Extensions\[email protected] [2016-07-10]
    FF Extension: Valence - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7nil7qv6.default-1439630893296\Extensions\[email protected] [2016-05-17]
    FF Extension: Yahoo Toolbar and New Tab - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7nil7qv6.default-1439630893296\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}.xpi [2016-08-02]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-21] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-11]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-11]
    FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF
    FF Extension: Avast Passwords - C:\Program Files\AVAST Software\Avast\pam\FF [2016-07-11]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://uk.my.yahoo.com/
    CHR StartupUrls: Default -> "hxxp://uk.my.yahoo.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Data Compression Proxy) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajfiodhbiellfpcjjedhmmmpeeaebmep [2016-05-07]
    CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Rapport) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-08]
    CHR Extension: (Google Cast) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-05-02]
    CHR Extension: (User-Agent Switcher for Chrome) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-06-22]
    CHR Extension: (Avast Passwords) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2016-07-20]
    CHR Extension: (User-Agent Switcher for Google Chrome) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2016-06-06]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-22]
    CHR Extension: (Window Resizer) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2016-05-10]
    CHR Extension: (Webproxy.net - Unblock any website) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpmikmnnnoacchojfpdgfdgpkfgajhim [2015-05-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR HKLM\...\Chrome\Extension: [emhginjpijfggbofeediiojmdlmlkoik] - C:\Program Files\AVAST Software\Avast\pam\Chrome\pam.crx [2016-05-10]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-10]
    CHR HKU\S-1-5-21-220523388-1979792683-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR StartupUrls: "hxxps://uk.yahoo.com/"

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-06-29] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-06-29] (AVAST Software)
    S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-10] (Creative Labs) [File not signed]
    R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
    R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
    R2 DLNBDB; C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [191464 2013-02-06] ()
    R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [140072 2013-01-10] (Portrait Displays, Inc.)
    S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [120400 2012-08-10] (Portrait Displays, Inc.)
    R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
    R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [601072 2014-05-29] (Paramount Software UK Ltd)
    S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
    R2 Touro Cloud Backup Crawler; C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe [2370656 2014-10-24] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-06-29] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-06-29] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91680 2016-06-29] (AVAST Software)
    R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-11-23] (ALWIL Software)
    R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [299992 2016-06-29] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-06-29] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-06-29] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-06-29] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [438296 2016-07-13] (AVAST Software)
    R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-06-29] (AVAST Software)
    S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-06-29] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-02] (AVAST Software)
    S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
    R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [16080 2012-08-10] (Portrait Displays, Inc.)
    R1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2009-03-03] (Portrait Displays, Inc.) [File not signed]
    S3 pivotmou; C:\WINDOWS\system32\drivers\pivotmou.sys [11323 2009-03-03] (Portrait Displays, Inc.) [File not signed]
    R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
    R1 RapportCerberus_1609042; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609042.sys [752616 2016-07-20] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [307016 2016-07-11] (IBM Corp.)
    S3 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [237544 2016-07-11] (IBM Corp.)
    S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [386152 2016-07-11] (IBM Corp.)
    R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
    S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
    S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2014-06-08] (Microsoft Corporation)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    U1 WS2IFSL; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-03 09:08 - 2016-08-03 09:14 - 00000000 ____D C:\FRST
    2016-08-02 17:59 - 2016-08-02 17:59 - 00090112 _____ C:\WINDOWS\Minidump\Mini080216-01.dmp
    2016-08-02 14:44 - 2016-08-02 14:45 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
    2016-07-30 18:44 - 2016-07-30 18:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini073016-01.dmp
    2016-07-28 10:17 - 2016-07-28 10:17 - 00090112 _____ C:\WINDOWS\Minidump\Mini072816-01.dmp
    2016-07-21 14:11 - 2016-07-21 14:40 - 00000000 ____D C:\Documents and Settings\User\Desktop\Greece Photos
    2016-07-16 11:10 - 2016-07-16 11:11 - 00000000 ____D C:\Documents and Settings\User\Desktop\Pub Menus
    2016-07-15 13:44 - 2016-07-15 13:44 - 00000858 _____ C:\Documents and Settings\All Users\Desktop\Lunascape6.lnk
    2016-07-15 13:44 - 2016-07-15 13:44 - 00000000 ____D C:\Documents and Settings\User\Application Data\Lunascape
    2016-07-15 13:38 - 2016-07-15 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Lunascape6
    2016-07-15 13:01 - 2016-07-15 13:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-07-15 12:40 - 2016-07-15 13:36 - 00000000 ____D C:\Program Files\Lunascape
    2016-07-12 18:47 - 2016-07-13 16:14 - 00005171 _____ C:\Documents and Settings\User\Desktop\test.html
    2016-07-11 19:19 - 2016-07-11 19:19 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Nuance
    2016-07-11 18:54 - 2016-07-11 18:54 - 00000000 ____D C:\Documents and Settings\User\Application Data\ProductData
    2016-07-11 18:45 - 2016-07-11 18:45 - 00004390 _____ C:\Documents and Settings\User\Desktop\JRT.txt
    2016-07-11 18:21 - 2016-07-11 18:26 - 00000000 ____D C:\AdwCleaner
    2016-07-11 14:01 - 2016-07-11 14:01 - 00237544 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
    2016-07-11 10:47 - 2016-07-11 10:47 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\ESET
    2016-07-11 10:10 - 2016-06-29 16:29 - 00319248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-07-10 19:51 - 2016-07-10 19:51 - 00000692 _____ C:\Documents and Settings\All Users\Desktop\K-Meleon.lnk
    2016-07-10 19:51 - 2016-07-10 19:51 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\K-Meleon
    2016-07-10 19:51 - 2016-07-10 19:51 - 00000000 ____D C:\Documents and Settings\User\Application Data\K-Meleon
    2016-07-10 19:50 - 2016-07-10 19:50 - 00000000 ____D C:\Program Files\K-Meleon
    2016-07-10 19:12 - 2016-07-10 19:14 - 00002192 _____ C:\Documents and Settings\User\Start Menu\Programs\Vivaldi.lnk
    2016-07-10 19:12 - 2016-07-10 19:14 - 00002186 _____ C:\Documents and Settings\User\Desktop\Vivaldi.lnk
    2016-07-10 19:12 - 2016-07-10 19:14 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Vivaldi
    2016-07-10 18:12 - 2016-07-10 18:12 - 00000497 _____ C:\Documents and Settings\User\Desktop\SVP.lnk
    2016-07-05 16:52 - 2016-07-20 10:20 - 00000954 _____ C:\Documents and Settings\User\Desktop\BlueScreenView.cfg
    2016-07-05 16:33 - 2016-07-05 16:33 - 00061024 _____ (NirSoft) C:\Documents and Settings\User\Desktop\BlueScreenView.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-03 09:15 - 2013-06-01 11:59 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Temp
    2016-08-03 09:07 - 2016-03-23 09:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-08-03 08:29 - 2013-06-03 21:37 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-02 23:21 - 2014-09-26 20:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nuance
    2016-08-02 23:19 - 2013-06-01 11:59 - 00000000 ___RD C:\Documents and Settings\User\My Documents
    2016-08-02 23:17 - 2014-09-26 20:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ScanSoft
    2016-08-02 22:11 - 2014-08-02 17:28 - 00000312 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
    2016-08-02 20:30 - 2014-05-29 13:46 - 00000000 ___HD C:\Documents and Settings\User\Desktop\[ImagicOriginals]
    2016-08-02 18:29 - 2013-06-03 21:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-02 18:01 - 2014-04-29 15:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
    2016-08-02 18:01 - 2013-06-01 13:08 - 00003850 _____ C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2016-08-02 18:01 - 2013-06-01 11:44 - 00000000 ____D C:\WINDOWS\Registration
    2016-08-02 18:00 - 2016-06-16 10:22 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Touro Cloud Backup
    2016-08-02 18:00 - 2015-11-23 12:33 - 00000448 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1448278396.job
    2016-08-02 18:00 - 2014-07-18 20:35 - 00000412 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1405712104.job
    2016-08-02 17:59 - 2014-03-27 13:07 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2016-08-02 17:59 - 2014-03-02 16:12 - 00000000 ____D C:\WINDOWS\Minidump
    2016-08-02 17:59 - 2013-06-01 11:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-08-02 17:44 - 2014-08-02 17:28 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
    2016-08-02 17:44 - 2004-08-10 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
    2016-07-27 11:31 - 2016-06-15 10:57 - 00000929 _____ C:\Documents and Settings\User\Desktop\TomTom.lnk
    2016-07-22 12:04 - 2013-06-01 11:57 - 00032608 _____ C:\WINDOWS\SchedLgU.Txt
    2016-07-21 17:11 - 2014-05-10 14:06 - 00055996 _____ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    2016-07-21 17:11 - 2014-05-10 14:06 - 00000788 _____ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    2016-07-21 17:11 - 2014-05-10 01:18 - 00055996 _____ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    2016-07-21 17:01 - 2013-06-01 10:46 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
    2016-07-21 14:00 - 2014-07-07 16:59 - 00001543 _____ C:\Documents and Settings\User\Desktop\Internet Explorer.lnk
    2016-07-21 14:00 - 2013-05-28 18:54 - 00001524 _____ C:\Documents and Settings\User\Desktop\Disk Cleanup.lnk
    2016-07-20 21:12 - 2013-09-20 16:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
    2016-07-20 14:40 - 2014-09-26 20:13 - 00000000 ____D C:\Documents and Settings\User\Application Data\.oit
    2016-07-15 21:44 - 2015-08-13 15:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-07-14 20:39 - 2013-06-03 19:07 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2016-07-14 11:35 - 2013-06-09 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2016-07-13 22:11 - 2014-08-02 17:28 - 00438296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2016-07-13 15:19 - 2013-08-14 10:26 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-07-13 15:03 - 2013-06-01 13:34 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-07-11 18:41 - 2013-06-01 10:59 - 00000000 ____D C:\Documents and Settings\All Users
    2016-07-11 10:15 - 2015-11-23 12:26 - 00001699 _____ C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
    2016-07-11 10:12 - 2013-06-01 10:46 - 00000000 ___HD C:\WINDOWS\inf
    2016-07-10 20:35 - 2016-01-04 11:38 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-07-10 17:52 - 2014-07-27 21:48 - 00000000 ___RD C:\Documents and Settings\User\My Documents\My Pictures
    2016-07-10 17:52 - 2014-07-27 20:05 - 00000000 ___RD C:\Documents and Settings\User\My Documents\My Music
    2016-07-05 17:21 - 2014-04-09 11:59 - 00000000 ____D C:\Program Files\SpeedFan

    ==================== Files in the root of some directories =======

    2014-04-06 20:02 - 2016-06-17 18:46 - 0000012 _____ () C:\Documents and Settings\User\Application Data\9481
    2015-07-19 19:34 - 2015-07-19 19:44 - 0581736 _____ () C:\Documents and Settings\User\Application Data\Scorch_Install.log
    2014-06-19 09:12 - 2014-06-19 09:12 - 0000024 _____ () C:\Documents and Settings\User\Application Data\temp.ini
    2014-04-06 20:02 - 2016-06-30 19:01 - 0000012 _____ () C:\Documents and Settings\User\Local Settings\Application Data\2631
    2015-08-02 19:08 - 2015-08-02 19:08 - 0183721 _____ () C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
    2015-08-02 19:08 - 2015-08-02 19:08 - 0312483 _____ () C:\Documents and Settings\User\Local Settings\Application Data\census.cache
    2013-06-04 17:05 - 2016-06-16 18:11 - 0030720 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-06-04 16:05 - 2013-06-04 16:05 - 0000127 _____ () C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
    2015-08-02 18:55 - 2015-08-02 18:55 - 0000036 _____ () C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
    2014-04-06 20:02 - 2016-06-17 18:46 - 0000012 _____ () C:\Documents and Settings\All Users\Application Data\0359
    2014-04-06 20:02 - 2016-06-17 18:46 - 0000012 _____ () C:\Documents and Settings\All Users\Application Data\1477
    2014-04-06 20:02 - 2016-06-17 18:46 - 0000012 _____ () C:\Documents and Settings\All Users\Application Data\1548
    2013-09-18 21:51 - 2013-09-18 21:51 - 1510494 _____ () C:\Documents and Settings\All Users\Application Data\Imagic50.bmp
    2013-09-18 21:51 - 2013-09-18 21:51 - 1510494 _____ () C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
    2014-06-01 20:07 - 2016-01-09 19:44 - 0001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Some files in TEMP:
    ====================
    C:\Documents and Settings\User\Local Settings\Temp\adwcleaner_5.201.exe
    C:\Documents and Settings\User\Local Settings\Temp\dlm1AnotherRegister.exe
    C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv5pur2.dll
    C:\Documents and Settings\User\Local Settings\Temp\esetonlinescanner_enu.exe
    C:\Documents and Settings\User\Local Settings\Temp\exe21.tmp.exe
    C:\Documents and Settings\User\Local Settings\Temp\exe22.tmp.exe
    C:\Documents and Settings\User\Local Settings\Temp\exe3C.tmp.exe
    C:\Documents and Settings\User\Local Settings\Temp\exeCA.tmp.exe
    C:\Documents and Settings\User\Local Settings\Temp\exeDD.tmp.exe
    C:\Documents and Settings\User\Local Settings\Temp\Firefox-Setup-39-0_EN.exe
    C:\Documents and Settings\User\Local Settings\Temp\hitmanpro.exe
    C:\Documents and Settings\User\Local Settings\Temp\iobituninstaller.exe
    C:\Documents and Settings\User\Local Settings\Temp\jre-8u45-windows-au.exe
    C:\Documents and Settings\User\Local Settings\Temp\jre-8u51-windows-au.exe
    C:\Documents and Settings\User\Local Settings\Temp\jre-8u60-windows-au.exe
    C:\Documents and Settings\User\Local Settings\Temp\JRT(1).exe
    C:\Documents and Settings\User\Local Settings\Temp\JRT.exe
    C:\Documents and Settings\User\Local Settings\Temp\K-Meleon75.1.exe
    C:\Documents and Settings\User\Local Settings\Temp\libeay32.dll
    C:\Documents and Settings\User\Local Settings\Temp\LunaSetup6140_ml11_gl.exe
    C:\Documents and Settings\User\Local Settings\Temp\msvcr120.dll
    C:\Documents and Settings\User\Local Settings\Temp\palemoon-25.4.1.win32.installer.exe
    C:\Documents and Settings\User\Local Settings\Temp\reflectPatch.exe
    C:\Documents and Settings\User\Local Settings\Temp\sfamcc00001.dll
    C:\Documents and Settings\User\Local Settings\Temp\sfamcc00002.dll
    C:\Documents and Settings\User\Local Settings\Temp\sfareca00002.dll
    C:\Documents and Settings\User\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\User\Local Settings\Temp\Vivaldi.1.0.435.40.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
    Ran by User (2016-08-03 09:16:26)
    Running from C:\Documents and Settings\User\My Documents\Downloads
    Microsoft Windows XP Professional Service Pack 3 (X86) (2013-06-01 10:50:37)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-220523388-1979792683-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-220523388-1979792683-1801674531-1004 - Limited - Enabled)
    Guest (S-1-5-21-220523388-1979792683-1801674531-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-220523388-1979792683-1801674531-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-220523388-1979792683-1801674531-1002 - Limited - Disabled)
    User (S-1-5-21-220523388-1979792683-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.41612 - ABBYY Software House)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
    Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
    Avast Internet Security (HKLM\...\Avast) (Version: 12.1.2272 - AVAST Software)
    AXIS Media Control SDK (HKLM\...\AXIS Media Control SDK) (Version:  - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
    Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
    CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
    Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
    Creative Console Launcher (HKLM\...\Console Launcher) (Version:  - Creative Technology Limited)
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative MediaSource DVD-Audio Player (HKLM\...\Creative MediaSource DVD-Audio Player) (Version:  - )
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
    Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
    Dell C1765 Color MFP (HKLM\...\InstallShield_{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.)
    Dell C1765 Color MFP (Version: 1.039.0 - Dell Inc.) Hidden
    eCleaner 2.02 (HKLM\...\eCleaner 2.02) (Version:  - )
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    Greek Premium (HKLM\...\{1CC5B6D9-1447-4CF9-9AF5-C2F9546827F7}) (Version: 1.0.1 - Mi-Lingo)
    Greeting Card Factory Deluxe 8.0 (HKLM\...\{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}) (Version: 8.0.2.1 - Nova Development)
    HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.01.006 - Portrait Displays, Inc.)
    Imagic 5 (Version: 5.0.7 - STOIK Imaging) Hidden
    Imagic 5.0 (HKLM\...\{22E93747-AB1C-4809-9DFE-FE7518908A75}) (Version: 5.0.7 - STOIK Imaging)
    Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
    IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.4.0.119 - IObit)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Jasc Paint Shop Photo Album 5 (HKLM\...\{4192EAC0-6B36-4723-B216-D0E86E7757AC}) (Version: 5.21 - Jasc Software, Inc.)
    Jasc Paint Shop Pro Studio, Dell Editon (HKLM\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.00.0000 - Jasc Software Inc)
    K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
    Lunascape6 (All Users) (HKLM\...\Lunascape6) (Version: 6.14.0.27546 - Lunascape)
    Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
    Macrium Reflect Free Edition (Version: 5.2.6551 - Paramount Software (UK) Ltd.) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.5.1000 - Maxthon International Limited)
    Media Go (HKLM\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
    Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
    Media Go Video Playback Engine 2.4.127.12060 (HKLM\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.127.12060 - Sony)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
    OpenAL (HKLM\...\OpenAL) (Version:  - )
    Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
    Opera Stable 36.0.2130.75 (HKLM\...\Opera 36.0.2130.75) (Version: 36.0.2130.75 - Opera Software)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
    Pivot Software (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
    PIXresizer (HKLM\...\PIXresizer_is1) (Version: 2.0.7 - Bluefive software)
    Rapport (Version: 3.5.1609.76 - Trusteer) Hidden
    SafeZone Stable 1.48.2066.114 (Version: 1.48.2066.114 - Avast Software) Hidden
    SDK (Version: 2.33.005 - Portrait Displays, Inc.) Hidden
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
    Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB)
    Sony PC Companion 2.10.206 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
    Sound Blaster for Media Center (HKLM\...\Sound Blaster for Media Center) (Version:  - )
    Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
    SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
    Spotify (HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
    Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Touro Cloud Backup (HKLM\...\Touro Cloud Backup) (Version: 4.0.0 - Touro Cloud Backup)
    Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
    Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Vivaldi (HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Vivaldi) (Version: 1.0.435.46 - Vivaldi)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{D8E876D2-1A1C-495c-8A7D-80CF0EDA3566}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio.exe (Jasc Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-220523388-1979792683-1801674531-1003_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1405712104.job => C:\Program Files\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1448278396.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Documents and Settings\User\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

    ==================== Loaded Modules (Whitelisted) ==============

    2016-06-29 16:29 - 2016-06-29 16:29 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-06-29 16:29 - 2016-06-29 16:29 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-08-02 20:28 - 2016-08-02 20:28 - 03002880 _____ () C:\Program Files\AVAST Software\Avast\defs\16080201\algo.dll
    2014-10-24 17:06 - 2014-10-24 17:06 - 01745504 _____ () C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll
    2014-05-14 20:05 - 2009-03-03 11:40 - 00245760 _____ () C:\Program Files\Portrait Displays\Pivot Software\winphook.dll
    2014-05-14 20:04 - 2013-01-10 15:26 - 00250664 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\dthook.dll
    2013-06-14 14:25 - 2013-06-14 14:25 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll
    2012-06-07 18:48 - 2012-06-07 18:48 - 00019968 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dltfm1zPP.dll
    2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-02-06 18:37 - 2013-02-06 18:37 - 00191464 _____ () C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
    2004-08-10 13:00 - 2011-02-04 17:48 - 00291840 ____N () C:\WINDOWS\system32\sbe.dll
    2004-08-10 13:00 - 2013-01-02 07:49 - 01292288 ____N () C:\WINDOWS\system32\quartz.dll
    2004-08-10 13:00 - 2008-04-14 05:41 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll
    2004-08-10 13:00 - 2008-04-14 05:42 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll
    2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\WINDOWS\system32\PSIService.exe
    2015-12-03 19:38 - 2012-08-10 15:07 - 00058368 _____ () C:\WINDOWS\system32\dltsm1zwia.dll
    2014-10-24 17:06 - 2014-10-24 17:06 - 02370656 _____ () C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe
    2009-10-20 10:35 - 2009-10-20 10:35 - 00144672 _____ () C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
    2009-10-20 10:36 - 2009-10-20 10:36 - 00086304 _____ () C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
    2009-10-20 10:13 - 2009-10-20 10:13 - 00147456 _____ () C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
    2010-05-05 19:56 - 2010-05-05 19:56 - 00002560 _____ () C:\WINDOWS\CTXFIRES.DLL
    2014-05-14 20:05 - 2009-03-03 11:42 - 00694824 _____ () C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    2016-06-29 16:29 - 2016-06-29 16:30 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-05-14 20:05 - 2009-03-03 11:42 - 00694824 _____ () C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    2014-05-14 20:04 - 2013-01-10 15:26 - 00189224 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
    2014-05-14 20:04 - 2013-01-10 15:25 - 00123688 _____ () C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
    2014-10-24 17:06 - 2014-10-24 17:06 - 02063968 _____ () C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe
    2014-10-24 14:27 - 2014-10-24 14:27 - 00964096 _____ () C:\Program Files\Touro Cloud Backup\NativeControls7.dll
    2014-10-24 17:01 - 2014-10-24 17:01 - 01827328 _____ () C:\Program Files\Touro Cloud Backup\OnlineBackupFacade.dll
    2016-06-20 14:16 - 2016-06-20 14:16 - 00016896 _____ () C:\Program Files\TomTom\MySportsConnect\DeviceDetection.dll
    2016-06-20 14:19 - 2016-06-20 14:19 - 01076736 _____ () C:\Program Files\TomTom\MySportsConnect\ContentManager.dll
    2016-06-20 14:16 - 2016-06-20 14:16 - 00017920 _____ () C:\Program Files\TomTom\MySportsConnect\TimeParse.dll
    2016-06-20 14:17 - 2016-06-20 14:17 - 00109568 _____ () C:\Program Files\TomTom\MySportsConnect\kqoauth.dll
    2016-06-20 14:16 - 2016-06-20 14:16 - 00019968 _____ () C:\Program Files\TomTom\MySportsConnect\TomTomSupporterBase.dll
    2016-06-20 14:19 - 2016-06-20 14:19 - 00028672 _____ () C:\Program Files\TomTom\MySportsConnect\QtSolutions_SingleApplication.dll
    2013-02-01 15:54 - 2013-02-01 16:54 - 12875264 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlthm1zRC.DLL
    2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
    2016-06-18 14:30 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
    2016-06-18 14:30 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
    2016-06-18 14:30 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7865 more sites.

    IE trusted site: HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\dell.com -> dell.com

    There are 7865 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-10 13:00 - 2016-03-20 00:17 - 00450613 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1    localhost

    There are 15461 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-220523388-1979792683-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 194.168.4.100 - 194.168.8.100
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: DellSystemDetect => C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
    MSCONFIG\startupreg: PPort14reminder => "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Application Data\Spotify\spotify.exe] => Enabled:Spotify
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dlcdcoms.exe] => Enabled:Dell 944 Server
    StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
    StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe] => Disabled:Adobe Photoshop Elements Media Server
    StandardProfile\AuthorizedApplications: [C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe] => Enabled:Update Engine
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Spotify.exe] => Enabled:Spotify
    StandardProfile\AuthorizedApplications: [C:\Program Files\Maxthon\Bin\MxUp.exe] => Enabled:MxUp
    StandardProfile\AuthorizedApplications: [C:\Program Files\Maxthon\Bin\Maxthon.exe] => Enabled:Maxthon
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Local Settings\Application Data\Vivaldi\Application\vivaldi.exe] => Enabled:Vivaldi
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
    StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/02/2016 11:24:32 PM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (7420) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

    Possible long-running transaction:

        SessionId: 0x027003C0

        Session-context: 0x00000000

        Session-context ThreadId: 0x00001D20

    Error: (08/02/2016 06:22:19 PM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (3240) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

    Possible long-running transaction:

        SessionId: 0x02700320

        Session-context: 0x00000000

        Session-context ThreadId: 0x00000CB4

    Error: (08/02/2016 06:20:43 PM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (3240) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

    Possible long-running transaction:

        SessionId: 0x02700320

        Session-context: 0x00000000

        Session-context ThreadId: 0x00000CB4

    Error: (08/02/2016 06:16:29 PM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (3240) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

    Possible long-running transaction:

        SessionId: 0x02700320

        Session-context: 0x00000000

        Session-context ThreadId: 0x00000CB4

    Error: (08/02/2016 06:04:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application isuspm.exe, version 13.0.0.43575, faulting module isuspm.exe, version 13.0.0.43575, fault address 0x0000ab4b.
    Processing media-specific event for [isuspm.exe!ws!]

    Error: (07/21/2016 09:36:45 AM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (2920) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

    Possible long-running transaction:

        SessionId: 0x027003C0

        Session-context: 0x00000000

        Session-context ThreadId: 0x00000B74

    Error: (07/20/2016 09:39:07 AM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (2828) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

    Possible long-running transaction:

        SessionId: 0x02700320

        Session-context: 0x00000000

        Session-context ThreadId: 0x00000B14

    Error: (07/17/2016 09:01:28 AM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (2248) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

    Possible long-running transaction:

        SessionId: 0x027003C0

        Session-context: 0x00000000

        Session-context ThreadId: 0x000008CC

    Error: (07/16/2016 09:12:34 AM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (2360) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

    Possible long-running transaction:

        SessionId: 0x027003C0

        Session-context: 0x00000000

        Session-context ThreadId: 0x0000093C

    Error: (07/16/2016 09:07:32 AM) (Source: COM+) (EventID: 4689) (User: )
    Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005: InitEventCollector failed


    System errors:
    =============
    Error: (08/02/2016 06:02:36 PM) (Source: System Error) (EventID: 1003) (User: )
    Description: Error code 000000f4, parameter1 00000003, parameter2 8af23da0, parameter3 8af23f14, parameter4 805d22da.

    Error: (08/02/2016 06:01:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

    Error: (08/02/2016 06:00:05 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (08/02/2016 05:44:20 PM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000369ntuser.iniHarddiskVolume1

    Error: (07/30/2016 06:45:04 PM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000369ntuser.iniHarddiskVolume1

    Error: (07/28/2016 10:18:34 AM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (07/28/2016 10:18:06 AM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000369ntuser.iniHarddiskVolume1

    Error: (07/25/2016 09:48:26 AM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.

    Error: (07/25/2016 09:48:17 AM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000369ntuser.iniHarddiskVolume1

    Error: (07/22/2016 12:04:21 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
    Description: Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.


    ==================== Memory info ===========================

    Processor:  Intel® Pentium® 4 CPU 3.20GHz
    Percentage of memory in use: 38%
    Total physical RAM: 3582.09 MB
    Available physical RAM: 2197.1 MB
    Total Virtual: 5463.87 MB
    Available Virtual: 3165.49 MB

    ==================== Drives ================================

    Drive c: (Main Drive) (Fixed) (Total:149.01 GB) (Free:90.29 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 3758CD02)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    Since you have an XP disk can you install the Recovery Console?  http://www.bleepingc...covery-console/

     

    I got the following message when trying to do this

     

    run.JPG


    Edited by Channeal, 03 August 2016 - 03:34 AM.

    • 0

    #20
    RKinner

    Let's start with the last error first.

     

    You typed C:\i386...

     

    We don't want C: but instead the drive letter for your CD/DVD drive which per your FRST logs is probably D: since I don't see any other drives.

     

    Try again and use the correct letter.

     

    Error: (08/02/2016 06:02:36 PM) (Source: System Error) (EventID: 1003) (User: )
    Description: Error code 000000f4, parameter1 00000003, parameter2 8af23da0, parameter3 8af23f14, parameter4 805d22da.

     

     

     

    When was the last time you changed the CMOS battery?  Before you change the BIOS go in to BIOS setup and write down each option so you can redo it if you need to.  (Hint:  if you have a digital camera just take pictures of each page.)  See also:

     

    http://helpdeskgeek....ror-in-windows/

     

    (But let's wait on that until we do the other stuff since we are not sure it will boot)

     

     

     
    Error: (07/17/2016 09:01:28 AM) (Source: ESENT) (EventID: 623) (User: )

     

    Description: wuaueng.dll (2248) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

     

    Click on Start --> Run --> type in:  services.msc

    hit Enter

    find and stop the Automatic Update service

    then go to c:\windows\SoftwareDistribution folder and rename the folder DataStore

    then restart the Automatic Update Service

     

    Let's also run BlueScreenView since you have some memory dumps:

     

     

    Download BlueScreenView

    http://www.nirsoft.net/utils/blue_screen_view.html 

     

    Double click on BlueScreenView.exe file to run the program.

    When scanning is done, go Edit, Select All.

     

    Go File, Save Selected Items, and save the report as BSOD.txt.

    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply

     

     

     

     

     

     

     

     

    Error: (07/17/2016 09:01:28 AM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (2248) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
     
     

     


    • 0

    #21
    Channeal

    Okay. Have been out today and have not got beyond dealing with the Windows XP disk. Apologies, as I tried so many times to do it, trying different drive letters - but then forgot to give you the whole story. :(

     

     

     

    Let's start with the last error first.

     

    You typed C:\i386...

     

    We don't want C: but instead the drive letter for your CD/DVD drive which per your FRST logs is probably D: since I don't see any other drives.

     

    Try again and use the correct letter.

     

     

    My CD/DVD drives are actually I and J (I being the DVD drive and J being the DVD-RW one). I think I probably tried putting C in desperation when very tired, because nothing was working and I ended up getting confused, due to being very tired.

     

    Working with a slightly clearer mind now, I have ascertained that there is a problem with the CD - it just does not show up at all if inserted in drive. It does not appear to be a problem with the optical drives, as when I tried another CD it showed up okay. The disk does seem to have a few scratches on it, so I assumed perhaps they were preventing it from loading. I did however try it in the old laptop I have just taken over from her and it did actually load on there first time.

     

    Is it possible to somehow copy the files we need from there onto another CD or thumb drive?

     

     

     

    When was the last time you changed the CMOS battery?  Before you change the BIOS go in to BIOS setup and write down each option so you can redo it if you need to.  (Hint:  if you have a digital camera just take pictures of each page.)  See also:

     

    http://helpdeskgeek....ror-in-windows/

     

    (But let's wait on that until we do the other stuff since we are not sure it will boot)

     

    Acknowledged that you do not want me to do anything with this at the moment. In answer to your question though, I believe the CMOS battery was last changed at our request by the Computer shop (the one that failed to use our Windows CD) back in May 2013. I remember that clearly because when we asked them to change it, they said they did not have a battery to use (do computer repair shops not usually have a supply of batteries to hand?) and we had to obtain one ourselves to give to them! I cannot actually remember it being changed since then though.

     

    How often should they be changed roughly? We have owned computers since 1999 and to the best of my knowledge 2013 is the only time that a computer battery has ever been changed!!!!!

     

     

     

    Will look at your other instructions and post the results in another message. I already have BlueScreenView on here, so that one at least should not be too difficult to deal with. Though with this computer, you just never know!!!!


    Edited by Channeal, 03 August 2016 - 12:34 PM.

    • 0

    #22
    Channeal

    The last two items were far easier to deal with.....

     

     

     

    Click on Start --> Run --> type in:  services.msc

    hit Enter

    find and stop the Automatic Update service

    then go to c:\windows\SoftwareDistribution folder and rename the folder DataStore

    then restart the Automatic Update Service

     

    This has been done as per your instructions.

     

     

     

    save the report as BSOD.txt.

    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply

     

    ==================================================
    Dump File         : Mini080216-01.dmp
    Crash Time        : 02/08/2016 17:45:14
    Bug Check String  : CRITICAL_OBJECT_TERMINATION
    Bug Check Code    : 0x000000f4
    Parameter 1       : 0x00000003
    Parameter 2       : 0x8af23da0
    Parameter 3       : 0x8af23f14
    Parameter 4       : 0x805d22da
    Caused By Driver  : aswSnx.sys
    Caused By Address : aswSnx.sys+1abfc
    File Description  : avast! Virtualization Driver
    Product Name      : Avast Antivirus
    Company           : AVAST Software
    File Version      : 12.1.3076.0
    Processor         : 32-bit
    Crash Address     : ntoskrnl.exe+22fa3
    Stack Address 1   : ntoskrnl.exe+fa423
    Stack Address 2   : ntoskrnl.exe+fb385
    Stack Address 3   : ntoskrnl.exe+6a7e8
    Computer Name     :
    Full Path         : C:\WINDOWS\Minidump\Mini080216-01.dmp
    Processors Count  : 2
    Major Version     : 15
    Minor Version     : 2600
    Dump File Size    : 90,112
    Dump File Time    : 02/08/2016 17:59:27
    ==================================================

    ==================================================
    Dump File         : Mini073016-01.dmp
    Crash Time        : 28/07/2016 10:18:53
    Bug Check String  : CRITICAL_OBJECT_TERMINATION
    Bug Check Code    : 0x000000f4
    Parameter 1       : 0x00000003
    Parameter 2       : 0x8b242210
    Parameter 3       : 0x8b242384
    Parameter 4       : 0x805d22da
    Caused By Driver  : aswSnx.sys
    Caused By Address : aswSnx.sys+1abfc
    File Description  : avast! Virtualization Driver
    Product Name      : Avast Antivirus
    Company           : AVAST Software
    File Version      : 12.1.3076.0
    Processor         : 32-bit
    Crash Address     : ntoskrnl.exe+22fa3
    Stack Address 1   : ntoskrnl.exe+fa423
    Stack Address 2   : ntoskrnl.exe+fb385
    Stack Address 3   : ntoskrnl.exe+6a7e8
    Computer Name     :
    Full Path         : C:\WINDOWS\Minidump\Mini073016-01.dmp
    Processors Count  : 2
    Major Version     : 15
    Minor Version     : 2600
    Dump File Size    : 90,112
    Dump File Time    : 30/07/2016 18:44:46
    ==================================================

    ==================================================
    Dump File         : Mini072816-01.dmp
    Crash Time        : 25/07/2016 09:48:45
    Bug Check String  : CRITICAL_OBJECT_TERMINATION
    Bug Check Code    : 0x000000f4
    Parameter 1       : 0x00000003
    Parameter 2       : 0x8b4a2020
    Parameter 3       : 0x8b4a2194
    Parameter 4       : 0x805d22da
    Caused By Driver  : aswSnx.sys
    Caused By Address : aswSnx.sys+1abfc
    File Description  : avast! Virtualization Driver
    Product Name      : Avast Antivirus
    Company           : AVAST Software
    File Version      : 12.1.3076.0
    Processor         : 32-bit
    Crash Address     : ntoskrnl.exe+22fa3
    Stack Address 1   : ntoskrnl.exe+fa423
    Stack Address 2   : ntoskrnl.exe+fb385
    Stack Address 3   : ntoskrnl.exe+6a7e8
    Computer Name     :
    Full Path         : C:\WINDOWS\Minidump\Mini072816-01.dmp
    Processors Count  : 2
    Major Version     : 15
    Minor Version     : 2600
    Dump File Size    : 90,112
    Dump File Time    : 28/07/2016 10:17:43
    ==================================================
     

     

     

    Error: (07/17/2016 09:01:28 AM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (2248) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

     

    Sorry, did you want me to take any action regarding this error?


    • 0

    #23
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    I would expect the recovery console could work if you were to copy the folder \i386 from your CD  to a USB drive.

     

    The batteries usually last about 5 years.  Usually the first symptom you see is that the clock is way off when you boot.  Normally there is an option in the CMOS/BIOS setup to set the BIOS to the default (but don't do it until you have recorded the current settings.)  The batteries for a desktop are usually standard these days.  CR2032  Amazon has a 5 pack for under $3.  If you buy one at Walmart or Walgreens they are about $5 each.  When you change the battery the BIOS reverts to its default which often fixes problems (or causes them if the PC needs certain changes from the default.)

     

    One thing you can try the next time you have it off is to swap the SATA and power cables between the two drives.  That will rule out a cabling problem.  If you just swap the one end of the cables you can also rule out the Motherboard connection.


    • 0

    #24
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    The Blue screens are being caused by Avast so I would uninstall it before you shut down again.  Perhaps a new download and a reinstall after the reboot would work.

     

    Error: (07/17/2016 09:01:28 AM) (Source: ESENT) (EventID: 623) (User: )
    Description: wuaueng.dll (2248) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 8Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
     
     

     

     

    We just did.  That was the 

     

    Click on Start --> Run --> type in:  services.msc

    hit Enter

    find and stop the Automatic Update service

    then go to c:\windows\SoftwareDistribution folder and rename the folder DataStore

    then restart the Automatic Update Service

     

     

     

    I would clear the alarms:

     

    Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
     
    Then the next time we reboot we can see if we have helped the alarms or not.  
     
    Try the Recovery Console install again using a flash drive.  If it works then try a reboot.

    • 0
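
Post #24 blames Avast by reading the "Caused By Driver" field of the BlueScreenView records pasted earlier in the thread. As an added example (not from the thread or from BlueScreenView), this Python code parses that report layout, tallies the blamed driver per bug check, and lists dumps where the blamed module differs from the module at the crash address; the sample report and the function names are assumptions constructed here.

```python
import re
from collections import Counter

# Constructed sample in BlueScreenView's text-report layout. Record 1 reuses
# field values shown in the thread; record 2 is invented for contrast.
SAMPLE_REPORT = """\
==================================================
Dump File         : Mini072816-01.dmp
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Caused By Driver  : aswSnx.sys
Caused By Address : aswSnx.sys+1abfc
Crash Address     : ntoskrnl.exe+22fa3
Full Path         : C:\\WINDOWS\\Minidump\\Mini072816-01.dmp
==================================================
Dump File         : Constructed-01.dmp
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22fa3
Crash Address     : ntoskrnl.exe+22fa3
==================================================
"""

def parse_report(text):
    """Split on the '=====' rulers and turn each record into a dict."""
    records = []
    for chunk in re.split(r"^[ \t]*={10,}[ \t]*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")  # only the first ':' splits
            if sep and key.strip():
                fields[key.strip()] = value.strip()
        if "Dump File" in fields:
            records.append(fields)
    return records

def summarize(records):
    """Count (bug check, blamed driver) pairs; list dumps where the blamed
    module is not the module at the crash address."""
    counts, indirect = Counter(), []
    for r in records:
        counts[(r.get("Bug Check String", "?"), r.get("Caused By Driver", "?"))] += 1
        blamed = r.get("Caused By Address", "").split("+")[0].lower()
        crashed = r.get("Crash Address", "").split("+")[0].lower()
        if blamed and crashed and blamed != crashed:
            indirect.append(r["Dump File"])
    return counts, indirect

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

When a dump shows up in the second list, the blamed driver is not the module that was executing at the crash address, so it is worth checking that the same driver is named across several dumps before acting on it.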

    #25
    Channeal

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 879 posts

     

    The batteries usually last about 5 years.  Usually the first symptom you see is that the clock is way off when you boot.  Normally there is an option in the CMOS/BIOS setup to set the BIOS to the default (but don't do it until you have recorded the current settings.)  The batteries for a desktop are usually standard these days.  CR2032  Amazon has a 5 pack for under $3.  If you buy one at Walmart or Walgreens they are about $5 each.  When you change the battery the BIOS reverts to its default which often fixes problems (or causes them if the PC needs certain changes from the default.)

     

    Will order one from Amazon. (There are no Walmarts or Walgreens here in the UK! :) )

     

     

     

     

     

    One thing you can try the next time you have it off is to swap the SATA and power cables between the two drives.  That will rule out a cabling problem.  If you just swap the one end of the cables you can also rule out the Motherboard connection.

     

    Sorry, not sure how to do this. Am not very familiar with the inside of a computer, apart from swapping the leads which make the drive either the main or secondary drives (the SATA one, I think) which I learned to do when making the clone in 2014. Don't know what you mean by the power cable though. Are they the bigger connectors next to the SATA ones? If so, can I just remove them and swap them over then?

     

     

     

     

     

    The Blue screens are being caused by Avast so I would uninstall it before you shut down again.  Perhaps a new download and a reinstall after the reboot would work.

     

    Will do this before I reboot next.

     

     

     

     

     

    I would clear the alarms:

     

    Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

     

    Done.

     

     

     

     

     

    Try the Recovery Console install again using a flash drive.  If it works then try a reboot.

     

     My daughter loaded the i386 file onto my flash drive on her new computer, as the laptop refused to do it. My attempt at getting the Recovery Console to install has not worked so far though..... I think there was a message about not being able to connect to Microsoft to update. Am calling it a day soon, but will try again tomorrow.

     

     

    Thanks very much for your help.


    • 0



    #26
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP
    Sorry, not sure how to do this. Am not very familiar with the inside of a computer, apart from swapping the leads which make the drive either the main or secondary drives (the SATA one, I think) which I learned to do when making the clone in 2014. Don't know what you mean by the power cable though. Are they the bigger connectors next to the SATA ones? If so, can I just remove them and swap them over then?

     

     

    Each hard drive has two connections.  The SATA connection which connects it to the motherboard and the power connection which is right next to the SATA.  You can swap them or if you have unused ones from your power supply you can use them.  

     

    It may not be possible to install the recovery console now that MS has shut down XP support.  We used to let Combofix do it automatically.  You could try it but Combofix usually reboots the PC as part of its normal procedure so make sure you have uninstalled Avast before you try it.

     

     

    ComboFix
     
    :!: It must be saved to your desktop, do not run it from your browser:!:
     
    :!: Disable your Antivirus software when downloading or running Combofix. 
     
     
    Download and Save this file --  to your Desktop -- from either of these two sources:
     
    Double click on ComboFix to start the program.  
     
     
     
        * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
        
        
        * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  If it wants to install the Recovery Console, Allow it.
     
    A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
     
    A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

    • 0

    #27
    Channeal

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 879 posts

     

    Each hard drive has two connections.  The SATA connection which connects it to the motherboard and the power connection which is right next to the SATA.  You can swap them or if you have unused ones from your power supply you can use them.

     

    Thanks for info. Will try this when I reboot.

     

     

     

    It may not be possible to install the recovery console now that MS has shut down XP support.  We used to let Combofix do it automatically.  You could try it but Combofix usually reboots the PC as part of its normal procedure so make sure you have uninstalled Avast before you try it.

     

    I think the problem is actually (once again) with the fact that I have SP2 & 3 updates on here. I keep getting messages to say it will not work because the version of XP on the computer is newer than the one on the files (copied from the CD) that I am trying to install.

     

    The article at https://support.micr...en-gb/kb/898594 says that there was a way round this by integrating SP2 & 3 into the files from the CD.... but it seems that the installation files for SP2 & 3 are now no longer available. So unfortunately it looks like it ain't gonna happen! :(

     

    Is it any use still trying the Combo fix program? It seems unlikely to me that it is going to work..... but then, I know virtually nothing about any of this stuff!!!!


    Edited by Channeal, 04 August 2016 - 01:59 AM.

    • 0

    #28
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    SP3 is still available from the ms catalog.  You have to use IE to access it.

     

    Go to

     

    https://catalog.upda.../site/Home.aspx

     

    (Install the little add-on program they need)

     

    In the search box type:  XP SP3 and hit Enter.

     

    Amazingly service pack 2 is also available.  Search for: xp AND service pack 2


    • 0

    #29
    Channeal

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 879 posts

    Okay, thank you.

     

    I found the SP3 download but have had no success so far in adapting the instructions for SP3 (rather than 2)

     

     

     

    1. Create two new folders on the computer. For example, create the C:\XPCD\i386 and C:\XPSP2 folders.

     

    This has been done and a C:XPSP3 folder has been created

     

     

     

    2. Copy the files and folders in the i386 folder from the original Windows XP CD to C:\XPCD\i386.

     

     

    Done. Okay.

     

    step2.JPG

     

     

     

    3. Download the Windows XP SP2 network installation package to C:\XPSP2

     

    Done to C:\XPSP3. Should I click on the file to extract or not?

     

    step3.JPG

     

     

     

    4. Click Start, click Run, type cmd, and then click OK.

    5. At the command prompt, type cd C:\XPSP2, and then press ENTER.

     

    Done using C:\XPSP3. Okay.

     

     

     

    6. Type WindowsXP-KB835935-SP2-ENU.exe /integrate:C:\XPCD, and then press ENTER.

     

    Here I do not know what to type in. Nothing I have tried so far has worked! Any ideas please? You can see the name of the SP3 installation file in Step 3 above

     

     

     

     

    7. The Windows Service Pack 2 Setup Wizard starts and notifies you that Windows XP SP2 files are being integrated into the Windows XP installation folder. Follow the instructions in the Windows Service Pack 2 Setup Wizard.

     

    Not got to this stage yet!


    Edited by Channeal, 04 August 2016 - 08:36 AM.

    • 0

    #30
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    I don't think you need SP2 at all.  See:  http://www.bleepingc...te-bootable-cd/


    • 0





