Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I cannot complete Installation of a Program - Error 1632

Started by PhilipW97 , Feb 22 2018 02:39 PM

Page 5 of 11
3
4
5
6
7

Please log in to reply

#61
PhilipW97

Posted 09 March 2018 - 03:40 PM

Member

Topic Starter
Member
147 posts

OK I did the job and it went into C:\Windows\syswow64 with no problem. However there was a similar file there, much smaller 16kb msvcr100_clr0400.dll. So I removed it. then tried to run Crypto and it ran correctly. I set it to the default setting and it did the maintenance and protection routines.

When I tried to do the FRST run, it came up with no words on the table. so a couple of reboots later it sorted itself out and i was able to run the search.

Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Philip (09-03-2018 22:07:42)
Running from C:\Users\Philip\Desktop
Boot Mode: Normal

================== Search Files: "msvcr100.dll" =============

C:\Windows\SysWOW64\msvcr100.dll
[2011-06-11 00:58][2018-03-09 18:15] 000773968 _____ (Microsoft Corporation) 0E37FBFA79D349D672456923EC5FBBE3 [File is digitally signed]

C:\Users\Philip\Desktop\msvcr100\msvcr100.dll
[2011-06-11 00:58][2018-03-09 18:17] 000773968 _____ (Microsoft Corporation) 0E37FBFA79D349D672456923EC5FBBE3 [File is digitally signed]

C:\Users\Adele\AppData\Local\Amazon\Kindle\application\msvcr100.dll
[2017-09-26 18:24][2017-09-26 18:24] 000770384 _____ (Microsoft Corporation) 67EC459E42D3081DD8FD34356F7CAFC1 [File is digitally signed]

C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\msvcr100.dll
[2018-01-18 00:32][2018-01-18 00:32] 000773968 _____ (Microsoft Corporation) BF38660A9125935658CFA3E53FDC7D65 [File is digitally signed]

C:\Program Files (x86)\Canon\Quick Menu\msvcr100.dll
[2018-01-14 16:14][2013-04-26 18:28] 000768848 _____ (Microsoft Corporation) 397FC81BD0FB460508A680C5F825FF9B [File is digitally signed]

C:\Program Files (x86)\Canon\My Image Garden\Microsoft.VC100.CRT\msvcr100.dll
[2018-01-14 16:07][2011-02-19 00:40] 000773968 _____ (Microsoft Corporation) BF38660A9125935658CFA3E53FDC7D65 [File is digitally signed]

C:\Program Files (x86)\Canon\My Image Garden\AddOn\PhotoSharing\Microsoft.VC100.CRT\msvcr100.dll
[2018-01-14 16:08][2011-02-19 00:40] 000773968 _____ (Microsoft Corporation) BF38660A9125935658CFA3E53FDC7D65 [File is digitally signed]

C:\Program Files (x86)\Canon\My Image Garden\AddOn\MovieCapture\Microsoft.VC100.CRT\msvcr100.dll
[2018-01-14 16:08][2011-02-19 00:40] 000773968 _____ (Microsoft Corporation) BF38660A9125935658CFA3E53FDC7D65 [File is digitally signed]

====== End of Search ======

So,, it would seem that you have solved this problem for me! Thank you very much, once again. :geek: There is one query that I have though, the overflow box for the symbols on the right hand side of the task bar has dissapeared making the task bar very crowded. Is there a way to get it back?

I hope your shopping trip went well.

Regards,

Philip

#62
RKinner

Posted 10 March 2018 - 06:53 AM

Malware Expert

Expert
24,625 posts

Not sure why you removed msvcr100_clr0400.dll. It might be needed to access your graphic card settings. Can you put it back? Or do I need to upload mine?

Glad to hear that replacing the msvcr100.dll fixed the problem.

Right click on the taskbar, select taskbar settings. In the search area put in

icons

You will get several options. Click on

Select which Icons appear in the taskbar

The top option (Always show... )

should be turned off to hide unwanted icons. On this page you can also choose which icons you want to see so I suppose it's possible that all of them have been turned on so turn off all but the ones you want.

Did that help?

Main purpose of the trip was to pick up some stuff for my office at Ikea. It's about 3 hours round trip to Orlando from here. If I had gone alone I would have been done in 30 minutes since I knew what I wanted but the wife came along and it took over 3 hours to get out of the store. Add in a stop at Costco (warehouse store) and by the time we got home I was too tired to do anything (especially after missing my nap). At least I got what I wanted. Next time I am going to pay the shipping charge and let them send it to me.

#63
PhilipW97

Posted 10 March 2018 - 08:18 AM

Member

Topic Starter
Member
147 posts

As soon as I turned off all icons it reverted to the original settup and all was well with the world!

Your note made me laugh and when I read it to my wife she laughed as well! it is about a 2 hour round trip to our nearest Ikea in Murcia and 3 hours seems about right for the stay in the store. The other thing that I find is that we go for something simple and by the time that we get to the checkout we have a full trolley with only a kitchen sink missing abd a bill of about €250 more than the item that we went for! :yes:

Now that the issue of not being able to uses a specific bit of software has been resolved are there any other tests that you think we should do to see if there are any other problems? or, should we move on to my XP machine that you kindly offerred to help me with? I have been working on that recently and it is now a bit faster, since I cleared most of the documents off. The machine is also a Delle Inspiron, a 6400 service tag 3PSTB2J As well as clearing stuff off it I have also used some of the Dell tools. There is a hardware component failure, but that doesn't seem to matter for using it as a music driver. of course there are no recent updates for the Windows XP so that throws up errors. It stll has the capacity to connect to the internet, but I only do that when necessary. (Which of course would include sending you whatever logs you wish to receive.)

As long as I can get it to a state where I can put music on to it and play it back without having to wait for an age for it to think about doing anything it will still be useful. I have left the software on in case of need, but the only bit that I really need to keep is The Oxford Spanish Dictionary, I no longer have the CD for putting that on again and I haven't been able to source another disk, I suspect that I loaned it to someone who failed to return it! So, I would prefer not to wipe the HD and reinstall the OS unless absolutely necessary.

So, over to you to tell me what you want me to send you.

Regards,

Philip

#64
RKinner

Posted 10 March 2018 - 08:32 AM

Malware Expert

Expert
24,625 posts

If everything is working OK then the same cleanup/goodbye instructions as before and we can move on to XP.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open a Command Prompt:

Win XP: Start, All Programs, Accessories, Command Prompt

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Check the Addition.txt box
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Right click on My Computer and select Manage and then Device Manager then View, Show Hidden Drivers. Now look in the right pane for yellow flagged devices. Right click on one and select properties then click on the Details tab. Change Property to Hardware IDs. Click on the top one then right click and copy. Paste that into a reply. Repeat for all yellow flagged devices.

#65
PhilipW97

Posted 10 March 2018 - 01:15 PM

Member

Topic Starter
Member
147 posts

OK, I did the first couple of tasks and the logs follow or are attached. However when I tried to run ADWCleaner it doesn't run, the machine beeps and a message says that ADWCleaner.exe is not a valid Win32 application. (Avast Paused and Firefox closed.) So, I thought it best to stop and consult...!

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
svchost.exe   48.44   140,720 K   15,144 K   1380   Generic Host Process for Win32 Services   Microsoft Corporation
System Idle Process   36.72   0 K   28 K   0
vlc-cache-gen.exe   4.69   49,568 K   35,616 K   5912
services.exe   4.69   5,468 K   1,608 K   672   Services and Controller app   Microsoft Corporation
firefox.exe   3.13   245,800 K   217,136 K   2760   Firefox   Mozilla Corporation
procexp.exe   0.78   15,488 K   23,088 K   2492   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com
Interrupts   0.78   0 K   0 K   n/a   Hardware Interrupts and DPCs
explorer.exe   0.78   30,836 K   17,728 K   1728   Windows Explorer   Microsoft Corporation
zatray.exe       56,068 K   5,136 K   2112   ZoneAlarm   Check Point Software Technologies Ltd.
ZAPrivacyService.exe       19,368 K   5,832 K   4068   ZAPrivacyService   Check Point Software Technologies, Ltd.
wuauclt.exe       13,280 K   920 K   5328   Windows Update   Microsoft Corporation
wmpnscfg.exe       940 K   468 K   3192   Windows Media Player Network Sharing Service Configuration Application   Microsoft Corporation
wmiprvse.exe       3,888 K   3,120 K   2796   WMI   Microsoft Corporation
winlogon.exe       7,424 K   1,600 K   628   Windows NT Logon Application   Microsoft Corporation
vsmon.exe       45,552 K   29,940 K   1760   ZoneAlarm   Check Point Software Technologies Ltd.
vlc-3.0.1-win32.exe       11,240 K   13,384 K   2856
unsecapp.exe       2,228 K   496 K   2424   WMI   Microsoft Corporation
unsecapp.exe       1,792 K   876 K   3328   WMI   Microsoft Corporation
UAService7.exe       240 K   84 K   4012
System       0 K   60 K   4
svchost.exe       6,824 K   828 K   3720   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,408 K   1,252 K   972   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       2,004 K   1,596 K   1068   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       2,396 K   132 K   1160   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,680 K   1,508 K   1544   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,600 K   248 K   1360   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       2,500 K   1,540 K   3732   Generic Host Process for Win32 Services   Microsoft Corporation
sua.exe       536 K   720 K   3076   Secunia Update Agent   Secunia
sqlwriter.exe       952 K   444 K   3528   SQL Server VSS Writer   Microsoft Corporation
spoolsv.exe       4,092 K   1,652 K   1932   Spooler SubSystem App   Microsoft Corporation
smss.exe       172 K   68 K   1920   Windows NT Session Manager   Microsoft Corporation
S24EvMon.exe       11,768 K   1,848 K   1444   Intel® Wireless Management Service   Intel® Corporation
RegSrvc.exe       936 K   368 K   2300   Intel® PROSet/Wireless Registry Service   Intel® Corporation
psia.exe       6,980 K   3,664 K   2400   Secunia PSI Agent   Secunia
PresentationFontCache.exe       11,792 K   812 K   4388   PresentationFontCache.exe   Microsoft Corporation
ns117.tmp       308 K   1,156 K   5752
MsMpEng.exe       42,440 K   25,300 K   1108   Service Executable   Microsoft Corporation
MBAMService.exe       44,592 K   9,800 K   1844   Malwarebytes Service   Malwarebytes
Main.exe       151,392 K   13,312 K   2692   BoostSpeed   Auslogics
lsass.exe       2,404 K   1,004 K   684   LSA Shell (Export Version)   Microsoft Corporation
iFrmewrk.exe       15,844 K   20,224 K   504   Intel® PROSet/Wireless Framework   Intel® Corporation
GoogleCrashHandler.exe       1,856 K   204 K   2140   Google Crash Handler   Google Inc.
EvtEng.exe       14,352 K   2,304 K   996   Intel® PROSet/Wireless Event Log Service   Intel® Corporation
ctfmon.exe       920 K   352 K   2708   CTF Loader   Microsoft Corporation
csrss.exe       2,280 K   3,260 K   436   Client Server Runtime Process   Microsoft Corporation
CCleaner.exe       9,428 K   904 K   5676   CCleaner   Piriform Ltd
AvastUI.exe       89,024 K   14,056 K   3652   Avast Antivirus   AVAST Software
AvastSvc.exe       171,716 K   50,308 K   1668   Avast Service   AVAST Software
aswidsagent.exe       21,972 K   12,560 K   4448   Avast Behavior Shield   AVAST Software
alg.exe       1,196 K   480 K   2764   Application Layer Gateway Service   Microsoft Corporation

Process: System Idle Process Pid: 0

Name   Description   Company Name   Path

Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                    1920 N/A
csrss.exe                    436 N/A
winlogon.exe                 628 N/A
services.exe                 672 Eventlog, PlugPlay
lsass.exe                    684 ProtectedStorage, SamSs
svchost.exe                  972 DcomLaunch
svchost.exe                 1068 RpcSs
MsMpEng.exe                 1108 WinDefend
svchost.exe                 1160 WudfSvc
svchost.exe                 1380 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 EventSystem, lanmanserver,
                                 lanmanworkstation, Netman, Nla, RasMan,
                                 Schedule, SENS, SharedAccess,
                                 ShellHWDetection, srservice, TapiSrv,
                                 w32time, winmgmt, wscsvc, wuauserv, WZCSVC
S24EvMon.exe                1444 S24EventMonitor
svchost.exe                 1544 Dnscache
explorer.exe                1728 N/A
vsmon.exe                   1760 vsmon
AvastSvc.exe                1668 avast! Antivirus
spoolsv.exe                 1932 Spooler
EvtEng.exe                   996 EvtEng
svchost.exe                 1360 HTTPFilter
MBAMService.exe             1844 MBAMService
GoogleCrashHandler.exe      2140 N/A
RegSrvc.exe                 2300 RegSrvc
psia.exe                    2400 Secunia PSI Agent
unsecapp.exe                2424 N/A
Main.exe                    2692 N/A
wmiprvse.exe                2796 N/A
sua.exe                     3076 Secunia Update Agent
sqlwriter.exe               3528 SQLWriter
svchost.exe                 3720 SSDPSRV, upnphost
svchost.exe                 3732 stisvc
UAService7.exe              4012 UserAccess7
ZAPrivacyService.exe        4068 ZAPrivacyService
alg.exe                     2764 ALG
iFrmewrk.exe                 504 N/A
zatray.exe                  2112 N/A
ctfmon.exe                  2708 N/A
wmpnscfg.exe                3192 N/A
AvastUI.exe                 3652 N/A
unsecapp.exe                3328 N/A
wuauclt.exe                 5328 N/A
aswidsagent.exe             4448 aswbIDSAgent
PresentationFontCache.exe   4388 FontCache3.0.0.0
CCleaner.exe                5676 N/A
firefox.exe                 2760 N/A
notepad.exe                 3420 N/A
msiexec.exe                 5080 MSIServer
cmd.exe                     4500 N/A
tasklist.exe                2832 N/A
wmiprvse.exe                 800 N/A

All for now then waiting for your advice.

Philip

#66
RKinner

Posted 10 March 2018 - 01:39 PM

Malware Expert

Expert
24,625 posts

Sounds like AdwCleaner doesn't work on XP so just skip it and Junkware if it gives a problem too. If FRST won't run then get OTL:

Download OTL from
http://www.geekstogo...timers-list-it/

and Save it to your desktop.

Run OTL
select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

From Process Explorer we see:

svchost.exe 48.44 140,720 K 15,144 K 1380 Generic Host Process for Win32 Services Microsoft Corporation
System Idle Process 36.72 0 K 28 K 0

So svchost.exe (PID 1380) is using too much CPU time. We want System Idle Process to be the top process and it should have about 90%. The junk file tells us that the svchost.exe with PID 1380 is:

svchost.exe                 1380 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 EventSystem, lanmanserver,
                                 lanmanworkstation, Netman, Nla, RasMan,
                                 Schedule, SENS, SharedAccess,
                                 ShellHWDetection, srservice, TapiSrv,
                                 w32time, winmgmt, wscsvc, wuauserv, WZCSVC

Usually the problem child in the above bunch of services is wuauserv which is the short form for Windows Update which I think was called Automatic Updates back in XP days. If you type:

services.msc

in the Run or Search box it should bring up the services window. Find Automatic Updates, right click and select Properties and change the Startup Type: to Disabled. Apply. Stop the service. Once it stops (if it won't stop, reboot) and then rerun Process Explorer again. No need for the junk file if svchost.exe is not at the top now.

#67
PhilipW97

Posted 10 March 2018 - 03:08 PM

Member

Topic Starter
Member
147 posts

OK, all ran well and the logs follow:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by Philip (Administrator) on 10/03/2018 at 21:24:54.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 10

Successfully deleted: C:\Documents and Settings\All Users\uniblue (Folder)
Successfully deleted: C:\Documents and Settings\Philip\Application Data\drivercure (Folder)
Successfully deleted: C:\Documents and Settings\Philip\Application Data\yourfiledownloader (Folder)
Successfully deleted: C:\Documents and Settings\Philip\Local Settings\Application Data\slimware utilities inc (Folder)
Successfully deleted: C:\WINDOWS\System32\drivers\swdumon.sys (File)
Successfully deleted: C:\WINDOWS\Tasks\Auslogics Driver Updater Scan.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\Auslogics Driver Updater Start Driver Updater ?n Philip logon.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Program Files\conduit (Folder)

Registry: 6

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6BC07B3F-B55D-4BE8-B670-DBE820058251} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/03/2018 at 21:28:31.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27.01.2018
Ran by Philip (administrator) on ENILLION (10-03-2018 21:36:28)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-07] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-11-21] (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\9i09j1qm.default-1511723098949 [2018-03-10]
FF Extension: (Avast SafePrice) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\9i09j1qm.default-1511723098949\Extensions\[email protected] [2018-03-08]
FF Extension: (Avast Online Security) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\9i09j1qm.default-1511723098949\Extensions\[email protected] [2018-03-07]
FF Extension: (Fasterfox) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\9i09j1qm.default-1511723098949\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2018-02-05] [Legacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-07] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.) [File not signed]
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-07] (AVAST Software)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2017-11-21] () [File not signed]
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2018-01-28] (Malwarebytes)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
S3 PCDSRVC{AEEF1793-83875E70-06020200}_0; c:\program files\dell\supportassist\pcdsrvc.pkms [22640 2016-08-01] (PC-Doctor, Inc.)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540368 2016-07-28] (Check Point Software Technologies Ltd.)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S0 degkgkf; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 UIUSys; no ImagePath
S3 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-10 21:36 - 2018-03-10 21:37 - 000020196 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-03-10 21:28 - 2018-03-10 21:28 - 000002105 _____ C:\Documents and Settings\Philip\Desktop\JRT.txt
2018-03-10 20:53 - 2018-03-10 20:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-03-10 20:52 - 2018-03-10 20:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-10 20:22 - 2018-03-10 20:22 - 000396616 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2018-03-10 19:52 - 2018-03-10 19:52 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\JRT.exe
2018-03-10 19:41 - 2018-03-10 19:41 - 008222496 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\AdwCleaner.exe
2018-03-10 19:32 - 2018-03-10 19:34 - 000194863 _____ C:\Documents and Settings\Philip\Desktop\ENILLION.txt
2018-03-10 19:26 - 2018-03-10 19:26 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2018-03-10 19:26 - 2018-03-10 19:26 - 000000000 ___DC C:\Program Files\Speccy
2018-03-10 19:26 - 2018-03-10 19:26 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2018-03-10 19:24 - 2018-03-10 19:24 - 006299336 _____ (Piriform Ltd) C:\Documents and Settings\Philip\Desktop\spsetup131.exe
2018-03-10 19:15 - 2018-03-10 19:15 - 000004562 _____ C:\junk.txt
2018-03-10 19:10 - 2018-03-10 20:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2018-03-10 19:06 - 2018-03-10 19:06 - 000004052 _____ C:\Documents and Settings\Philip\Desktop\System Idle Process.txt
2018-03-10 18:47 - 2018-03-10 18:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Philip\Desktop\procexp.exe
2018-03-08 09:31 - 2018-03-08 21:12 - 000910745 _____ C:\Documents and Settings\Philip\Desktop\MM061A17.exe
2018-03-07 12:49 - 2018-03-07 12:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-03-07 12:49 - 2018-03-07 12:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2018-03-07 12:47 - 2018-03-10 20:55 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-07 12:46 - 2018-03-07 12:45 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000205344 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000783608 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000276688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000185432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000169536 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000157368 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000050336 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-07 12:45 - 2018-03-07 12:45 - 000319392 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-04 19:26 - 2018-03-04 19:26 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1184402194-1185109317-1466214600-1005-0.dat
2018-03-04 19:25 - 2018-03-04 19:25 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2018-03-04 15:05 - 2018-03-04 15:05 - 000000865 _____ C:\Documents and Settings\Philip\Desktop\Auslogics Driver Updater.lnk
2018-02-08 20:35 - 2018-02-08 20:35 - 000001875 _____ C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
2018-02-08 20:35 - 2018-02-08 20:35 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth Pro

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-10 21:37 - 2006-07-21 23:50 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Temp
2018-03-10 21:36 - 2018-02-04 23:00 - 000000000 ____D C:\FRST
2018-03-10 21:26 - 2004-08-11 17:06 - 000000000 ____D C:\Documents and Settings\All Users
2018-03-10 21:25 - 2016-12-28 21:37 - 000000378 ____C C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn Philip logon.job
2018-03-10 21:12 - 2009-06-30 20:57 - 000000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-03-10 20:55 - 2017-12-01 08:45 - 000000330 ___HC C:\WINDOWS\Tasks\CCleaner Update.job
2018-03-10 20:55 - 2012-08-23 11:16 - 000000616 ___HC C:\WINDOWS\Tasks\ConfigExec.job
2018-03-10 20:55 - 2007-04-10 18:36 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-03-10 20:54 - 2004-08-11 17:00 - 000000765 ____C C:\WINDOWS\win.ini
2018-03-10 20:52 - 2013-01-27 17:01 - 000032636 ____C C:\WINDOWS\SchedLgU.Txt
2018-03-10 20:52 - 2011-09-26 21:46 - 000000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-03-10 20:52 - 2004-08-11 17:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-03-10 20:52 - 2004-08-11 17:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-03-10 20:21 - 2006-07-21 23:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-03-10 20:21 - 2006-07-21 23:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-03-10 19:14 - 2014-03-01 09:48 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Skype
2018-03-10 19:13 - 2007-06-04 21:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2018-03-10 19:06 - 2016-08-04 21:02 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2018-03-10 00:46 - 2016-12-29 19:23 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2018-03-08 23:29 - 2004-08-11 17:02 - 000000000 ___DC C:\WINDOWS\security
2018-03-08 22:42 - 2006-06-29 14:16 - 000000000 ___DC C:\Program Files\Common Files\Java
2018-03-08 21:10 - 2010-11-20 19:25 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\PCDr
2018-03-08 20:25 - 2006-07-22 21:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-03-08 09:33 - 2011-02-20 19:34 - 000001324 ____C C:\WINDOWS\system32\d3d9caps.dat
2018-03-08 00:27 - 2004-08-11 17:20 - 000000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2018-03-08 00:27 - 2004-08-11 17:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-03-07 12:48 - 2004-08-11 17:02 - 000000000 __HDC C:\WINDOWS\inf
2018-03-04 19:23 - 2009-02-05 09:15 - 000000000 ___DC C:\WINDOWS\pss
2018-03-04 19:23 - 2004-08-11 17:00 - 000000227 ____C C:\WINDOWS\system.ini
2018-03-04 19:23 - 2004-08-11 17:00 - 000000211 ___SH C:\boot.ini
2018-03-04 15:05 - 2013-11-01 14:29 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2018-03-04 14:47 - 2009-12-19 16:19 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Deployment
2018-03-04 14:45 - 2016-12-28 21:16 - 000000000 ___DC C:\Program Files\LockHunter
2018-03-04 14:45 - 2016-12-28 21:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\LockHunter
2018-02-08 20:35 - 2006-06-29 14:34 - 000000000 ___DC C:\Program Files\Google

==================== Files in the root of some directories =======

2006-07-22 04:46 - 2000-03-14 00:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 19:20 - 2008-10-27 19:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 16:42 - 2009-01-28 20:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 16:18 - 2015-02-22 15:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 18:38 - 2010-03-30 18:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 20:30 - 2006-07-24 20:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 09:18 - 2007-11-29 09:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 17:19 - 2017-01-02 21:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 20:16 - 2012-08-28 20:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 16:52 - 2009-04-20 17:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 14:21 - 2006-06-29 14:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by Philip (10-03-2018 21:39:00)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Auslogics BoostSpeed 10 (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 10.0.2.0 - Auslogics Labs Pty Ltd)
Auslogics Driver Updater (HKLM\...\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1) (Version: 1.11.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Belarc Advisor 8.6 (HKLM\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version: - Genesis Mobile)
File Shredder 2.0 (HKLM\...\File Shredder_is1) (Version: - WipeSoft)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version: - Free Software Foundation)
Google Earth Pro (HKLM\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.6.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.6.0 ESR (x86 en-GB)) (Version: 52.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.6.0.6592 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version: - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version: - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394 (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden
ZoneAlarm Firewall (HKLM\...\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.3.119.000 - Check Point)
ZoneAlarm Security (HKLM\...\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{736AF091-C361-49B4-A928-87C586130D33}\InprocServer32 -> C:\Program Files\File Shredder\fsshell.dll ()
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {4653F04E-9468-D082-1860-22B785889A47} => No File
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {462A5438-9468-D082-6EC4-5BB785889A47} => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [Auslogics BoostSpeed Shell Context Menu 9.x] -> {CC89327D-D094-8297-82CB-F989EE26FC51} => C:\Program Files\Auslogics\BoostSpeed\ShellExtension.ContextMenu.x32.dll [2018-01-10] (Auslogics)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-03-30] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3_S-1-5-21-1184402194-1185109317-1466214600-1005: [{736AF091-C361-49B4-A928-87C586130D33}] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2007-03-01] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Auslogics BoostSpeed Scan and Repair.job => rundll32 exe TaskSchedulerHelper dll RunTask Main exe
Task: C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn Philip logon.job => C:\Program Files\Auslogics\BoostSpeed\Main.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\ConfigExec.job => rundll32.exe C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\DataUpload.job => rundll32.exe C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-03-07 12:45 - 2018-03-07 12:45 - 000287960 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000280280 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-03-10 18:46 - 2018-03-10 18:46 - 005833872 ____C () C:\Program Files\AVAST Software\Avast\defs\18031000\algo.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000756952 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-03-07 12:44 - 2018-03-07 12:44 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000964824 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000475352 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2017-11-27 15:03 - 2018-01-14 20:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2004-08-11 17:00 - 2013-01-02 07:49 - 001292288 ____C () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\btinstall.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rixdicon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\snymsico.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\omci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rimmptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rimsptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\risdptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rixdptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UB1394.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UBSBM.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UBUMAPI.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdf01000.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdfldr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdiultn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdpash.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\logui.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc40u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msvcrt40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwapi16.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwc.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ocmanage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\odtext32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\s3legacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [104]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com

There are 5486 more sites.

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> www.1800searchonline.com

There are 4143 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-20\...\1800searchonline.com -> www.1800searchonline.com

There are 4143 more sites.

IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\internet -> internet
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\mcafee.com -> hxxps://mcafee.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\1-2005-search.com -> www.1-2005-search.com

There are 10344 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 17:00 - 2009-05-23 18:11 - 000307032 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1   007guard.com
127.0.0.1   www.007guard.com
127.0.0.1   008i.com
127.0.0.1   008k.com
127.0.0.1   www.008k.com
127.0.0.1   00hq.com
127.0.0.1   www.00hq.com
127.0.0.1   010402.com
127.0.0.1   032439.com
127.0.0.1   www.032439.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   100sexlinks.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   10sek.com
127.0.0.1   www.10sek.com
127.0.0.1   123topsearch.com
127.0.0.1   www.123topsearch.com
127.0.0.1   132.com
127.0.0.1   www.132.com
127.0.0.1   136136.net
127.0.0.1   www.136136.net
127.0.0.1   163ns.com
127.0.0.1   www.163ns.com
127.0.0.1   171203.com
127.0.0.1   17-plus.com
127.0.0.1   1800searchonline.com
127.0.0.1   www.1800searchonline.com
127.0.0.1   180searchassistant.com

There are 10562 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.8.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Philip^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\svchost.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

==================== Restore Points =========================

07-03-2018 12:48:40 Installed Windows XP Wdf01009.
08-03-2018 22:40:41 Removed Java 7 Update 71
10-03-2018 19:10:13 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
10-03-2018 21:25:10 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: SigmaTel High Definition Audio CODEC
Description: SigmaTel High Definition Audio CODEC
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: SigmaTel
Service: STHDA
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {E0CBF06C-CD8B-4647-BB8A-263B43F0F974}
Manufacturer: Toshiba
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2018 08:55:18 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.

Error: (03/10/2018 08:55:18 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (03/10/2018 07:14:26 PM) (Source: MsiInstaller) (EventID: 11303) (User: ENILLION)
Description: Product: Skype™ 7.36 -- Error 1303. The installer has insufficient privileges to access this directory: C:\Program Files\Skype. The installation cannot continue. Log on as administrator or contact your system administrator.

System errors:
=============
Error: (03/10/2018 09:25:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SecuROM User Access Service (V7) service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2018 09:25:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2018 09:25:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2018 09:25:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2018 09:25:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2018 09:25:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2018 09:25:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2018 09:09:02 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.102 for the Network Card with network address 0013028835CC has been
denied by the DHCP server 192.168.8.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/10/2018 08:57:48 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: Service 'WMPNetworkSvc' did not start because Group Policy is preventing Windows Media Player from sharing media with other devices.

Error: (03/10/2018 08:56:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswbIDSAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 89%
Total physical RAM: 1014.37 MB
Available physical RAM: 103.22 MB
Total Virtual: 2439.72 MB
Available Virtual: 1420.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:26.63 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
System Idle Process   99.22   0 K   28 K   0
Interrupts   0.78   0 K   0 K   n/a   Hardware Interrupts and DPCs
zatray.exe       55,068 K   4,688 K   1156   ZoneAlarm   Check Point Software Technologies Ltd.
ZAPrivacyService.exe       17,508 K   4,084 K   3884   ZAPrivacyService   Check Point Software Technologies, Ltd.
wmiprvse.exe       3,696 K   3,028 K   2964   WMI   Microsoft Corporation
winlogon.exe       6,420 K   1,984 K   920   Windows NT Logon Application   Microsoft Corporation
vsmon.exe       43,736 K   31,408 K   1976   ZoneAlarm   Check Point Software Technologies Ltd.
unsecapp.exe       2,224 K   860 K   2564   WMI   Microsoft Corporation
unsecapp.exe       1,812 K   1,264 K   4636   WMI   Microsoft Corporation
System       0 K   56 K   4
svchost.exe       35,400 K   33,144 K   1768   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,336 K   1,244 K   1376   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,940 K   1,636 K   1480   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       2,392 K   204 K   1644   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,340 K   1,232 K   1884   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,600 K   248 K   1720   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,044 K   96 K   2208   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       1,036 K   96 K   2224   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       5,256 K   1,912 K   3332   Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe       2,420 K   152 K   3408   Generic Host Process for Win32 Services   Microsoft Corporation
spoolsv.exe       4,064 K   1,284 K   616   Spooler SubSystem App   Microsoft Corporation
smss.exe       188 K   68 K   1984   Windows NT Session Manager   Microsoft Corporation
services.exe       3,072 K   1,848 K   1068   Services and Controller app   Microsoft Corporation
procexp.exe       14,396 K   21,396 K   4600   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com
MsMpEng.exe       42,372 K   23,324 K   1520   Service Executable   Microsoft Corporation
MBAMService.exe       44,460 K   9,580 K   1696   Malwarebytes Service   Malwarebytes
lsass.exe       2,420 K   960 K   1084   LSA Shell (Export Version)   Microsoft Corporation
explorer.exe       24,144 K   20,232 K   3816   Windows Explorer   Microsoft Corporation
ctfmon.exe       920 K   528 K   736   CTF Loader   Microsoft Corporation
csrss.exe       1,824 K   3,000 K   668   Client Server Runtime Process   Microsoft Corporation
CCleaner.exe       17,128 K   13,988 K   4392   CCleaner   Piriform Ltd
AvastUI.exe       85,772 K   16,608 K   4728   Avast Antivirus   AVAST Software
AvastSvc.exe       96,468 K   40,952 K   1704   Avast Service   AVAST Software
alg.exe       1,088 K   152 K   932   Application Layer Gateway Service   Microsoft Corporation

Looks promising to me.

#68
RKinner

Posted 10 March 2018 - 10:24 PM

Malware Expert

Expert
24,625 posts

Big improvement. I would just leave Automatic Updates turned off since there are no new updates and you aren't going on the Internet with this PC.

Waiting on the Speccy log.

Go into msconfig and check everything under Startup and Services and reboot.

I would uninstall Zone Alarm since you won't be on line.

Also uninstall:

Microsoft Automated Troubleshooting Services Shim

Microsoft Fix it Center

Search Assist
Secunia PSI

Skype

We can also run a Fixlist to cleanup some deadwood which may shorten the start up time but let's see if how a FRST scan looks after the uninstalls.

#69
PhilipW97

Posted 11 March 2018 - 03:32 AM

Member

Topic Starter
Member
147 posts

Good morning Ron,

Your comment about not receiving the speccy log caused me to review the recent exchanges as I remember attaching it to a message. However, it isn't there so something went wrong. Probably me as I had a busy week which was a bit stressful and that can stimulate the odd Parkinson's event. I also missed your comment about msvcr100_clr0400.dll I thought it was something corrupted from the missing msvcr100.dll Sorry about that, so yes please do upload yours. speccy report attached to this mesage.

I will send now and get on with today's tasks and report those in a new message.

Philip

Attached Files

ENILLION.txt 190.3KB 182 downloads

#70
PhilipW97

Posted 11 March 2018 - 05:12 AM

Member

Topic Starter
Member
147 posts

OK, all items under startup and sevices checked in msconfig. Your recommended uninstalls completed except for Skype, which I can't find at the moment.

Frst logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.03.2018
Ran by Philip (administrator) on ENILLION (11-03-2018 11:38:40)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Auslogics) C:\Program Files\Auslogics\BoostSpeed\Main.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
() C:\WINDOWS\system32\UAService7.exe
(AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [138008 2007-03-30] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [162584 2007-03-30] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2017-01-03]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Philip\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-19]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Philip\Application Data\Dropbox\bin\Dropbox.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-11-21] (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\v7901p9q.default-1520719110078 [2018-03-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-07] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-07] (AVAST Software)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2017-11-21] () [File not signed]
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2018-01-28] (Malwarebytes)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
S3 PCDSRVC{AEEF1793-83875E70-06020200}_0; c:\program files\dell\supportassist\pcdsrvc.pkms [22640 2016-08-01] (PC-Doctor, Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S0 degkgkf; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 UIUSys; no ImagePath
S3 wanatw; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-11 11:38 - 2018-03-11 11:38 - 000000000 ____D C:\Documents and Settings\Philip\Desktop\FRST-OlderVersion
2018-03-10 22:14 - 2018-03-10 22:58 - 000000000 ____D C:\Documents and Settings\Philip\My Documents\Old Firefox Data
2018-03-10 21:58 - 2018-03-10 21:58 - 000002821 _____ C:\Documents and Settings\Philip\Desktop\Hardware Interrupts and DPCs.txt
2018-03-10 21:53 - 2018-03-10 21:53 - 000002895 _____ C:\Documents and Settings\Philip\My Documents\Hardware Interrupts and DPCs.txt
2018-03-10 21:39 - 2018-03-10 21:43 - 000047730 _____ C:\Documents and Settings\Philip\Desktop\Addition.txt
2018-03-10 21:36 - 2018-03-11 11:40 - 000020547 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-03-10 21:28 - 2018-03-10 21:28 - 000002105 _____ C:\Documents and Settings\Philip\Desktop\JRT.txt
2018-03-10 20:53 - 2018-03-10 20:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-03-10 20:52 - 2018-03-10 20:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-10 20:22 - 2018-03-10 20:22 - 000396616 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2018-03-10 19:52 - 2018-03-10 19:52 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\JRT.exe
2018-03-10 19:32 - 2018-03-10 19:34 - 000194863 _____ C:\Documents and Settings\Philip\Desktop\ENILLION.txt
2018-03-10 19:26 - 2018-03-10 19:26 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2018-03-10 19:26 - 2018-03-10 19:26 - 000000000 ___DC C:\Program Files\Speccy
2018-03-10 19:26 - 2018-03-10 19:26 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2018-03-10 19:24 - 2018-03-10 19:24 - 006299336 _____ (Piriform Ltd) C:\Documents and Settings\Philip\Desktop\spsetup131.exe
2018-03-10 19:15 - 2018-03-10 19:15 - 000004562 _____ C:\junk.txt
2018-03-10 19:10 - 2018-03-10 20:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2018-03-10 19:06 - 2018-03-10 19:06 - 000004052 _____ C:\Documents and Settings\Philip\Desktop\System Idle Process.txt
2018-03-10 18:47 - 2018-03-10 18:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Philip\Desktop\procexp.exe
2018-03-08 09:31 - 2018-03-08 21:12 - 000910745 _____ C:\Documents and Settings\Philip\Desktop\MM061A17.exe
2018-03-07 12:49 - 2018-03-07 12:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-03-07 12:49 - 2018-03-07 12:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2018-03-07 12:47 - 2018-03-11 11:27 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-07 12:46 - 2018-03-07 12:45 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000205344 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000783608 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000276688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000185432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000169536 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000157368 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000050336 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-07 12:45 - 2018-03-07 12:45 - 000319392 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-04 19:26 - 2018-03-04 19:26 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1184402194-1185109317-1466214600-1005-0.dat
2018-03-04 19:25 - 2018-03-04 19:25 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2018-03-04 15:05 - 2018-03-04 15:05 - 000000865 _____ C:\Documents and Settings\Philip\Desktop\Auslogics Driver Updater.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-11 11:40 - 2006-07-21 23:50 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Temp
2018-03-11 11:38 - 2018-02-04 23:00 - 000000000 ____D C:\FRST
2018-03-11 11:38 - 2018-02-04 22:45 - 001763328 _____ (Farbar) C:\Documents and Settings\Philip\Desktop\FRST.exe
2018-03-11 11:28 - 2007-04-10 18:36 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-03-11 11:27 - 2017-12-01 08:45 - 000000330 ___HC C:\WINDOWS\Tasks\CCleaner Update.job
2018-03-11 11:25 - 2016-12-28 21:37 - 000000378 ____C C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn Philip logon.job
2018-03-11 11:25 - 2011-09-26 21:46 - 000000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-03-11 11:25 - 2004-08-11 17:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-03-11 11:25 - 2004-08-11 17:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-03-11 11:24 - 2013-01-27 17:01 - 000032636 ____C C:\WINDOWS\SchedLgU.Txt
2018-03-11 11:24 - 2006-07-21 23:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-03-11 11:24 - 2006-07-21 23:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-03-11 11:10 - 2009-06-30 20:57 - 000000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-03-11 10:35 - 2009-02-05 09:15 - 000000000 ___DC C:\WINDOWS\pss
2018-03-11 10:35 - 2004-08-11 17:00 - 000000765 ____C C:\WINDOWS\win.ini
2018-03-11 10:35 - 2004-08-11 17:00 - 000000227 ____C C:\WINDOWS\system.ini
2018-03-11 10:35 - 2004-08-11 17:00 - 000000211 ___SH C:\boot.ini
2018-03-10 23:06 - 2006-07-22 21:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-03-10 21:26 - 2004-08-11 17:06 - 000000000 ____D C:\Documents and Settings\All Users
2018-03-10 19:14 - 2014-03-01 09:48 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Skype
2018-03-10 19:13 - 2007-06-04 21:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2018-03-10 19:06 - 2016-08-04 21:02 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2018-03-10 00:46 - 2016-12-29 19:23 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2018-03-08 23:29 - 2004-08-11 17:02 - 000000000 ___DC C:\WINDOWS\security
2018-03-08 22:42 - 2006-06-29 14:16 - 000000000 ___DC C:\Program Files\Common Files\Java
2018-03-08 21:10 - 2010-11-20 19:25 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\PCDr
2018-03-08 09:33 - 2011-02-20 19:34 - 000001324 ____C C:\WINDOWS\system32\d3d9caps.dat
2018-03-08 00:27 - 2004-08-11 17:20 - 000000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2018-03-08 00:27 - 2004-08-11 17:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-03-07 12:48 - 2004-08-11 17:02 - 000000000 __HDC C:\WINDOWS\inf
2018-03-04 15:05 - 2013-11-01 14:29 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2018-03-04 14:47 - 2009-12-19 16:19 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Deployment
2018-03-04 14:45 - 2016-12-28 21:16 - 000000000 ___DC C:\Program Files\LockHunter
2018-03-04 14:45 - 2016-12-28 21:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\LockHunter

==================== Files in the root of some directories =======

2006-07-22 04:46 - 2000-03-14 00:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 19:20 - 2008-10-27 19:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 16:42 - 2009-01-28 20:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 16:18 - 2015-02-22 15:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 18:38 - 2010-03-30 18:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 20:30 - 2006-07-24 20:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 09:18 - 2007-11-29 09:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 17:19 - 2017-01-02 21:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 20:16 - 2012-08-28 20:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 16:52 - 2009-04-20 17:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 14:21 - 2006-06-29 14:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.03.2018
Ran by Philip (11-03-2018 11:41:33)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Auslogics BoostSpeed 10 (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 10.0.2.0 - Auslogics Labs Pty Ltd)
Auslogics Driver Updater (HKLM\...\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1) (Version: 1.11.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Belarc Advisor 8.6 (HKLM\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version: - Genesis Mobile)
File Shredder 2.0 (HKLM\...\File Shredder_is1) (Version: - WipeSoft)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version: - Free Software Foundation)
Google Earth Pro (HKLM\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.6.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.6.0 ESR (x86 en-GB)) (Version: 52.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.6.0.6592 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version: - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version: - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394 (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{736AF091-C361-49B4-A928-87C586130D33}\InprocServer32 -> C:\Program Files\File Shredder\fsshell.dll ()
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {4653F04E-9468-D082-1860-22B785889A47} => No File
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {462A5438-9468-D082-6EC4-5BB785889A47} => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [Auslogics BoostSpeed Shell Context Menu 9.x] -> {CC89327D-D094-8297-82CB-F989EE26FC51} => C:\Program Files\Auslogics\BoostSpeed\ShellExtension.ContextMenu.x32.dll [2018-01-10] (Auslogics)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-03-30] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3_S-1-5-21-1184402194-1185109317-1466214600-1005: [{736AF091-C361-49B4-A928-87C586130D33}] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2007-03-01] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Auslogics BoostSpeed Scan and Repair.job => rundll32 exe TaskSchedulerHelper dll RunTask Main exe
Task: C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn Philip logon.job => C:\Program Files\Auslogics\BoostSpeed\Main.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-03-07 12:45 - 2018-03-07 12:45 - 000287960 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000280280 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-03-11 10:04 - 2018-03-11 10:04 - 005800080 ____C () C:\Program Files\AVAST Software\Avast\defs\18031100\algo.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000756952 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-03-07 12:44 - 2018-03-07 12:44 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000964824 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000475352 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2018-01-14 17:58 - 2018-01-10 11:24 - 000092232 ____C () C:\Program Files\Auslogics\BoostSpeed\CFAHelper.dll
2017-11-27 15:03 - 2018-01-14 20:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-12-15 16:17 - 2008-12-15 16:17 - 000126976 _____ () C:\WINDOWS\system32\UAService7.exe
2018-03-07 12:44 - 2018-03-07 12:44 - 000618200 ____C () c:\Program Files\avast software\avast\vaarclient.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2004-08-11 17:00 - 2013-01-02 07:49 - 001292288 ____C () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\btinstall.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rixdicon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\snymsico.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\omci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rimmptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rimsptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\risdptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rixdptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UB1394.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UBSBM.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UBUMAPI.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdf01000.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdfldr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdiultn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdpash.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\logui.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc40u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msvcrt40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwapi16.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwc.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ocmanage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\odtext32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\s3legacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [104]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com

There are 5486 more sites.

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> www.1800searchonline.com

There are 4143 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-20\...\1800searchonline.com -> www.1800searchonline.com

There are 4143 more sites.

IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\internet -> internet
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\mcafee.com -> hxxps://mcafee.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\1-2005-search.com -> www.1-2005-search.com

There are 10344 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 17:00 - 2018-03-11 11:06 - 000306898 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1   007guard.com
127.0.0.1   www.007guard.com
127.0.0.1   008i.com
127.0.0.1   008k.com
127.0.0.1   www.008k.com
127.0.0.1   00hq.com
127.0.0.1   www.00hq.com
127.0.0.1   010402.com
127.0.0.1   032439.com
127.0.0.1   www.032439.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   100sexlinks.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   10sek.com
127.0.0.1   www.10sek.com
127.0.0.1   123topsearch.com
127.0.0.1   www.123topsearch.com
127.0.0.1   132.com
127.0.0.1   www.132.com
127.0.0.1   136136.net
127.0.0.1   www.136136.net
127.0.0.1   163ns.com
127.0.0.1   www.163ns.com
127.0.0.1   171203.com
127.0.0.1   17-plus.com
127.0.0.1   1800searchonline.com
127.0.0.1   www.1800searchonline.com
127.0.0.1   180searchassistant.com

There are 10558 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: TkBellExe =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\svchost.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

==================== Restore Points =========================

08-03-2018 22:40:41 Removed Java 7 Update 71
10-03-2018 19:10:13 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
10-03-2018 21:25:10 JRT Pre-Junkware Removal
11-03-2018 11:17:02 Removed Microsoft Fix it Center
11-03-2018 11:18:42 Removed Search Assist

==================== Faulty Device Manager Devices =============

Name: SigmaTel High Definition Audio CODEC
Description: SigmaTel High Definition Audio CODEC
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: SigmaTel
Service: STHDA
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {E0CBF06C-CD8B-4647-BB8A-263B43F0F974}
Manufacturer: Toshiba
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2018 11:07:45 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/11/2018 11:07:45 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3

Error: (03/11/2018 10:40:14 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/11/2018 10:40:14 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3

Error: (03/11/2018 09:55:35 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/11/2018 09:55:35 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3

Error: (03/10/2018 11:09:07 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: Event-ID 15

Error: (03/10/2018 11:09:07 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: Event-ID 3

System errors:
=============
Error: (03/11/2018 11:33:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/11/2018 11:33:55 AM) (Source: DCOM) (EventID: 10005) (User: ENILLION)
Description: DCOM got error "%%1068 = The dependency service or group failed to start." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/11/2018 11:28:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/11/2018 11:28:55 AM) (Source: DCOM) (EventID: 10005) (User: ENILLION)
Description: DCOM got error "%%1068 = The dependency service or group failed to start." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/11/2018 11:28:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/11/2018 11:28:40 AM) (Source: DCOM) (EventID: 10005) (User: ENILLION)
Description: DCOM got error "%%1068 = The dependency service or group failed to start." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/11/2018 11:28:21 AM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: Service 'WMPNetworkSvc' did not start because Group Policy is preventing Windows Media Player from sharing media with other devices.

Error: (03/11/2018 11:27:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

==================== Memory info ===========================

Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 83%
Total physical RAM: 1014.37 MB
Available physical RAM: 167.86 MB
Total Virtual: 2439.72 MB
Available Virtual: 1525.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.39 GB) (Free:27.25 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of Addition.txt ============================

For some reason, after a reboot the Found New Hardware window opens, although there is no new hardware!

The boot time still seems long, on the last reboot I timed it as about 5 min. So, I shut down completely and started on the stopwatch and got 4.55 from pressing the on button to getting the task tray icons up and the arrow pointer without an hour glass icon.

I think I have now completed everything, if not please say...! :geek:

#71
PhilipW97

Posted 11 March 2018 - 05:19 AM

Member

Topic Starter
Member
147 posts

I just remembered something I wanted to ask you about. In your Farewell message you mention not using Driver Updaters and Speed Boosters. You will have seen that I have the Auslogic versions on all my 3 machines, so I am interested to know why you advise against such things.

#72
RKinner

Posted 11 March 2018 - 09:12 AM

Malware Expert

Expert
24,625 posts

Before I forget, here is the msvcr100_clr0400.zip file for the Win 10:

goes in C:\Windows\Syswow64

Most of the driver updaters and speedup programs are snake oil (meaning they don't really help) which include adware. You will note that AdwCleaner and JRT both take out auslogic.

For the XP you missed the part about:

Right click on Computer and select Manage and then Device Manager then View, Show Hidden Drivers. Now look in the right pane for yellow flagged devices. Right click on one and select properties then click on the Details tab. Change Property to Hardware IDs. Click on the top one then right click and copy. Paste that into a reply. Repeat for all yellow flagged devices.

Also you missed three items in msconfig:

MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: TkBellExe =>

The only one I really care about is:

MSCONFIG\startupreg: SigmatelSysTrayApp =>

We are getting an error for Sigmatel:

Name: SigmaTel High Definition Audio CODEC
Description: SigmaTel High Definition Audio CODEC
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: SigmaTel
Service: STHDA
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

The program needs to be uninstalled and a new version installed from your PC maker's website but you can't do that correctly if part of the program is in msconfig.

You can uninstall

Auslogics BoostSpeed 10 (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 10.0.2.0 - Auslogics Labs Pty Ltd)
Auslogics Driver Updater

speccy

belarc

NetWaiting

URL Assistant

Windows Media Player 11
Windows Search 4.0

File Shredder 2.0

CCleaner
Critical Update for Windows Media Player 11 (KB959772)
Dell SupportAssist

Do you need these:

LockHunter 3.2, 32/64 bit

Google Earth Pro

Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)

HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential

The last two are hidden so you probably can't uninstall them right now but does this PC need a printer? Is this the one you have?

#73
PhilipW97

Posted 11 March 2018 - 12:50 PM

Member

Topic Starter
Member
147 posts

Thank you for your copy of msvcr100_clr,dll.

I have done device manager task and here are the results. I see now how I missed it, I got out of sequence when ADWCleaner wouldn't work. Sorry about that.

Bluetooth Internal Card

USB\Vid_413c&Pid_8103&Rev_2422
USB\Vid_413c&Pid_8103

SigmaTel Hi Def Audio CODEC

HDAUDIO\FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022
HDAUDIO\FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD

There is also in Other Devices an Unknown Device that has no Hardware id in Properties

I am a bit confused about some other things though, I am not clear about the three items in msconfig. I can't see them in msconfig and I have checked everything that appears in Startup and Services. I thought perhaps you had asked me to do something with them but I can't find it. I see where the quote comes from, but would like your guidance about where else to look to find where they might be lurking.

Yes, I know about the SigmaTel problem and I have tried to get an updated driver from Dell, but they say there isn't one available. I found a differnt driver for SigmaTel but no information about if it is compatible. I don't have an issue about having another go, but need your advice about finding he bit that FRST identified as being in msconfig.

One of the reasons I asked you about auslogic is that I found it whitelisted in the FRST log.

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Auslogics) C:\Program Files\Auslogics\BoostSpeed\Main.exe

I'm not trying to argue anything just telling you why I am confused! :geek: Once I know where to find them as they aren't listed in msconfig I will deal with them.

I am going to work down your lists for uninstalling. I won't uninstall Dell assist just yet in case I need to goi into their driver store again, but agree that it could go.I can do without some of the office programmes but need Word and Excel and am not sure what will happen if I get rid of some of the others listed. So any observations there welcomed.

So over to you while I start on the lists.

#74
RKinner

Posted 11 March 2018 - 03:09 PM

Malware Expert

Expert
24,625 posts

One of the reasons I asked you about auslogic is that I found it whitelisted in the FRST log.

It's not whitelisted. What FRST means is that the list of running processes does not contain any running processes from its white list. The white list is mostly standard Windows programs that are always present.

FRST can remove the three entries in msconfig with this fixlist:

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix
A fix log will be generated please post that

You don't need Dell assist. Just go to:

http://www.dell.com/...n-6400x/drivers

Since you have an unknown device showing I would try the

Intel Mobile Chipset Driver

see if you can get it to install. You probably already have it but let's make sure.

While on the same page get the latest

SIGMATEL STAC 92XX C-Major HD Audio, v.5.10.0.5515_RC22-WHQL, A11

Then uninstall your old one, reboot and try and install this one.

Also get the two Bluetooth drivers and see if one or both will install:

Dell Wireless 350 Bluetooth Internal Module Driver

Dell Wireless 350 Bluetooth Internal Module Patch/Upgrade

If it still doesn't work then try the procedure on this page:

https://www.dell.com...-303833?lang=en

Of course if you don't have any use for bluetooth then you can just go in and right click on the device and Disable.

If you still need the Office programs that's fine. Just thought the PC was only used for a single purpose.

How about the SQL programs? Do you have a database that you use perhaps to keep track of music or something? IF not it's causing a problem so uninstall.

Reboot after uninstalling all that you want to get rid of then

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs. Is it booting any faster now?

#75
PhilipW97

Posted 11 March 2018 - 04:58 PM

Member

Topic Starter
Member
147 posts

Thank you Ron,

That makes sense of things for me. I will do the jobs in the morning. I make too many mistakes at this time of night.

It is going to be for a single purpose. But my notes, cues etc are in Word and the records and accounts are in Excel. The music and sound effects are prepared in Audacity in mp3 format on my PC and then loaded into the laptop for VLC to run.

Good night.