Need Help Malware issues



bbmoon
2015-12-29, 19:57
Hello,
I have a Pentium dual CPU 3.4 GHz
2.0 GB ram
Running Windows XP with Service Pack 3
Using Avast Antivirus (all updated)
Browser Internet Explorer

I am working from another computer, because I am unable to connect to the forum page. I can get to www.safer-networking.org but Explorer will not let me into the forum page ("Internet Explorer can't display the webpage"). Most other browsing is working OK (not all).

I did find "PU.Mindspark" when running SpyBot S&D, but only after running in Safe Mode.

I'm getting sporadic memory dumps.
Tried to download Chrome browser hoping for better browsing to get to forum. I am unable to install Chrome and am getting an error.

Thanks for your help

Juliet
2015-12-30, 13:13
Let's see what we can do.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)

~~~~~~~~~~~~~~~~~~~~~~

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

bbmoon
2015-12-30, 20:15
Still unable to get to forum page from problem computer. But I was able to run rkill.com and Farbar (it took more than one attempt each)

See logs pasted below.

Addition log below:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-12-2015
Ran by Office (2015-12-30 11:54:47)
Running from C:\Documents and Settings\Office\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-05-03 23:31:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-854245398-1801674531-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-854245398-1801674531-725345543-1005 - Limited - Enabled)
Guest (S-1-5-21-854245398-1801674531-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-854245398-1801674531-725345543-1000 - Limited - Disabled)
Office (S-1-5-21-854245398-1801674531-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Office
SUPPORT_388945a0 (S-1-5-21-854245398-1801674531-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Internet Security (HKLM\...\avast) (Version: 11.1.2245 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Dell Laser MFP 1815 - TWAIN/WIA (HKLM\...\{4804B98A-77A1-493D-869E-3844A2A362D5}) (Version: - Dell Inc.)
DriverUpdate (HKLM\...\{C6044CF6-833B-40A1-A1AE-499812ABB8EB}) (Version: 2.5.2 - Slimware Utilities Holdings, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Laplink PCmover Express - Personal Use (HKLM\...\{3EDDD517-FFCF-416A-ABE7-BE826FB5C6C0}) (Version: 10.00.639 - Laplink Software, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network Scan (HKLM\...\{A772A7BF-8385-445C-AFC4-AC57825B666C}) (Version: - Dell Inc.)
NoteSmith2011 (HKLM\...\{CA494BFB-DEAB-4C96-B94E-9F1C571B1B2E}) (Version: 7.1103 - Princeton Investments, Inc.)
NoteSmith2012 (HKLM\...\{56908632-59CB-4229-B3E9-C7572A20B019}) (Version: 7.1203 - Princeton Investments, Inc.)
NoteSmith2013 (HKLM\...\{2068D62F-F059-4541-B15D-3A192BAF102E}) (Version: 7.1203 - Princeton Investments, Inc.)
NoteSmith2014 (HKLM\...\{6A06C428-E646-44C0-9298-4EA6392A22AC}) (Version: 7.1403 - Princeton Investments, Inc.)
NoteSmith2015 (HKLM\...\{6FA9EFA6-99BF-4509-8B58-1D02DC626C1F}) (Version: 7.1503 - Princeton Investments, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
QuickBooks Pro 2007 (HKLM\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version: - )
QuickBooks Product Listing Service (HKLM\...\{55584E16-4D70-44EE-93DD-F144E8B7D4B7}) (Version: 2.0.126 - Intuit)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4811.0 - SigmaTel)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{28400E86-5FFC-453D-A534-EF455A115E74}\localserver32 -> C:\Program Files\Intuit\QuickBooks Product Listing Service\QBProductListingCOMServer.exe (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{4877276C-A727-486D-B201-F096035CA4DF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{86AC2FAD-C987-4757-B591-02F9867A8BE5}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-854245398-1801674531-725345543-1004_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PCSB_Office_PCSpeedBoost_LG_DailyTask.job => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe
Task: C:\WINDOWS\Tasks\PCSB_Office_PCSpeedBoost_LogonTask.job => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe
Task: C:\WINDOWS\Tasks\PCSB_Office_PCSpeedBoost_RS_DailyTask.job => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe
Task: C:\WINDOWS\Tasks\PCSB_Office_PCSpeedBoost_RS_WeeklyTask.job => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe
Task: C:\WINDOWS\Tasks\PCSB_WaitAndStartAfter.job => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Office).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-30 07:08 - 2015-12-14 08:32 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-30 07:08 - 2015-12-14 08:32 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-30 11:07 - 2015-12-30 11:07 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15123000\algo.dll
2015-12-14 08:32 - 2015-12-14 08:32 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-12-05 10:42 - 2009-11-05 07:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2011-05-06 10:19 - 2008-07-16 13:36 - 00026624 _____ () C:\WINDOWS\system32\Delg1L3.DLL
2015-03-16 07:10 - 2015-12-14 08:32 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.

There are 7866 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-02-28 06:00 - 2015-11-06 13:46 - 00450684 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

There are 15463 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-854245398-1801674531-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Office\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe] => Enabled:QuickBooks 2007 Data Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe] => Enabled:DNSCST Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Princeton\NoteSmith2013\nswin.exe] => Enabled:NoteSmith 2013 start up file
StandardProfile\AuthorizedApplications: [C:\Program Files\Princeton\NoteSmith2014\nswin.exe] => Enabled:NoteSmith 2014 start up file
StandardProfile\AuthorizedApplications: [C:\Program Files\Laplink\PCmover\PCmover.exe] => Enabled:PCmover

==================== Restore Points =========================

30-09-2015 15:43:16 Software Distribution Service 3.0
01-10-2015 15:44:27 Software Distribution Service 3.0
02-10-2015 11:16:05 avast! antivirus system restore point
02-10-2015 11:17:53 Installed Windows XP Wdf01009.
02-10-2015 13:58:24 Software Distribution Service 3.0
05-10-2015 15:43:39 Software Distribution Service 3.0
06-10-2015 15:43:16 Software Distribution Service 3.0
07-10-2015 15:41:54 Software Distribution Service 3.0
08-10-2015 15:43:51 Software Distribution Service 3.0
09-10-2015 09:33:53 Software Distribution Service 3.0
15-10-2015 07:22:45 avast! antivirus system restore point
15-10-2015 07:24:52 Installed Windows XP Wdf01009.
20-10-2015 06:57:11 avast! antivirus system restore point
21-10-2015 10:15:38 System Checkpoint
22-10-2015 12:05:51 System Checkpoint
26-10-2015 07:12:53 avast! antivirus system restore point
26-10-2015 07:27:51 avast! antivirus system restore point
26-10-2015 10:31:44 Avast Cleanup
28-10-2015 06:59:52 avast! antivirus system restore point
29-10-2015 09:21:55 System Checkpoint
02-11-2015 11:14:35 System Checkpoint
03-11-2015 07:57:37 avast! antivirus system restore point
04-11-2015 10:25:10 System Checkpoint
04-11-2015 11:01:03 Avast Cleanup
04-11-2015 11:03:03 Avast Cleanup
06-11-2015 10:42:27 System Checkpoint
06-11-2015 13:12:57 Avast Cleanup
06-11-2015 13:16:21 Avast Cleanup
06-11-2015 13:18:44 Avast Cleanup
09-11-2015 08:31:05 avast! antivirus system restore point
09-11-2015 08:33:46 Installed Windows XP Wdf01009.
10-11-2015 10:10:59 Avast Cleanup
10-11-2015 10:12:59 Avast Cleanup
12-11-2015 08:55:41 Avast Cleanup
12-11-2015 10:50:38 Avast Cleanup
12-11-2015 13:13:29 Avast Cleanup
12-11-2015 15:47:50 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
12-11-2015 15:49:18 Installed Laplink PCmover Express - Personal Use.
13-11-2015 08:24:42 Avast Cleanup
13-11-2015 08:46:16 avast! antivirus system restore point
13-11-2015 08:48:24 avast! antivirus system restore point
13-11-2015 08:51:01 avast! antivirus system restore point
13-11-2015 08:53:08 avast! antivirus system restore point
13-11-2015 08:58:45 avast! antivirus system restore point
13-11-2015 09:07:39 avast! antivirus system restore point
13-11-2015 09:09:27 avast! antivirus system restore point
13-11-2015 09:11:09 avast! antivirus system restore point
13-11-2015 09:13:15 avast! antivirus system restore point
13-11-2015 09:15:08 avast! antivirus system restore point
13-11-2015 10:25:16 Avast Cleanup
13-11-2015 10:29:16 Avast Cleanup
13-11-2015 11:16:55 Avast Cleanup
16-11-2015 09:32:45 Avast Cleanup
16-11-2015 10:30:43 Avast Cleanup
16-11-2015 10:33:04 Avast Cleanup
17-11-2015 11:21:04 System Checkpoint
18-11-2015 08:20:22 Avast Cleanup
19-11-2015 08:24:40 Avast Cleanup
20-11-2015 09:10:25 System Checkpoint
20-11-2015 10:04:28 Avast Cleanup
20-11-2015 14:15:16 Avast Cleanup
23-11-2015 09:18:58 Avast Cleanup
23-11-2015 10:46:47 Avast Cleanup
23-11-2015 11:11:30 Avast Cleanup
23-11-2015 11:20:39 Avast Cleanup
23-11-2015 11:33:08 Avast Cleanup
23-11-2015 12:00:54 Avast Cleanup
23-11-2015 16:40:50 Avast Cleanup
24-11-2015 08:48:59 Avast Cleanup
24-11-2015 08:56:30 Avast Cleanup
24-11-2015 10:57:32 Avast Cleanup
24-11-2015 11:02:19 Avast Cleanup
25-11-2015 08:33:07 Avast Cleanup
25-11-2015 08:40:15 Avast Cleanup
25-11-2015 08:45:51 avast! antivirus system restore point
25-11-2015 08:58:48 Avast Cleanup
30-11-2015 08:31:39 Avast Cleanup
30-11-2015 11:21:41 Avast Cleanup
30-11-2015 12:36:30 Avast Cleanup
02-12-2015 14:18:03 Avast Cleanup
02-12-2015 16:34:40 Avast Cleanup
02-12-2015 16:37:37 Avast Cleanup
03-12-2015 08:11:57 Avast Cleanup
03-12-2015 08:14:40 Avast Cleanup
04-12-2015 08:26:45 Avast Cleanup
04-12-2015 09:20:16 Avast Cleanup
04-12-2015 09:22:10 Avast Cleanup
07-12-2015 08:01:17 avast! antivirus system restore point
07-12-2015 08:43:35 avast! antivirus system restore point
07-12-2015 09:02:30 Avast Cleanup
08-12-2015 16:20:06 Avast Cleanup
08-12-2015 16:25:09 Avast Cleanup
10-12-2015 08:59:32 Avast Cleanup
14-12-2015 16:11:40 System Checkpoint
15-12-2015 08:13:39 Avast Cleanup
15-12-2015 11:32:32 Avast Cleanup
15-12-2015 16:42:26 Avast Cleanup
16-12-2015 11:52:33 Avast Cleanup
16-12-2015 16:33:50 Avast Cleanup
17-12-2015 08:14:48 Installed Windows XP Wdf01009.
17-12-2015 15:06:51 Avast Cleanup
21-12-2015 08:40:11 Avast Cleanup
22-12-2015 11:16:13 System Checkpoint
23-12-2015 08:12:19 Avast Cleanup
23-12-2015 08:48:12 Avast Cleanup
23-12-2015 13:51:15 Avast Cleanup
23-12-2015 14:23:18 Avast Cleanup
28-12-2015 13:46:53 System Checkpoint
29-12-2015 11:36:56 Installed %1 %2.
29-12-2015 11:46:02 Avast Cleanup
29-12-2015 12:07:39 Avast Cleanup
30-12-2015 11:51:25 Unsigned driver install

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2015 11:41:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 30.12.2015.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
Processing media-specific event for [frst.exe!ws!]

Error: (12/29/2015 02:52:39 PM) (Source: Userenv) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - Insufficient system resources exist to complete the requested service.

Error: (12/29/2015 02:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010cce.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/29/2015 02:16:59 PM) (Source: ESENT) (EventID: 447) (User: )
Description: wuauclt (4024) A bad page link (error -327) has been detected in a B-Tree (ObjectId: 43, PgnoRoot: 76) of database C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb (3564 => 237, wuauclt0).

Error: (12/28/2015 03:51:35 PM) (Source: Userenv) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - Insufficient system resources exist to complete the requested service.

Error: (12/28/2015 03:25:27 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.106;lang=;guid=5BB0111958B54B2DA44227840657A37D;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e0bc2433-b4ba-4022-a236-3e30c80ceb40.dmp

Error: (12/28/2015 03:25:12 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.106;lang=;guid=5BB0111958B54B2DA44227840657A37D;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\fb147004-3797-453e-9930-8f6c857fbea6.dmp

Error: (12/28/2015 03:22:51 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.106;lang=;guid=5BB0111958B54B2DA44227840657A37D;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\bf0425ad-bde9-4b54-9d19-fb432ef75fa9.dmp

Error: (12/28/2015 03:22:19 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.106;lang=;guid=5BB0111958B54B2DA44227840657A37D;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\3c1113b0-01f2-4647-afba-8667152fa487.dmp

Error: (12/28/2015 02:50:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application teatimer.exe, version 1.6.6.32, faulting module teatimer.exe, version 1.6.6.32, fault address 0x00025e0c.
Processing media-specific event for [teatimer.exe!ws!]


System errors:
=============
Error: (12/30/2015 11:48:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (12/30/2015 11:48:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (12/30/2015 11:17:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 11:17:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 11:14:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 11:14:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (12/30/2015 11:14:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (12/30/2015 11:10:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 11:10:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 11:03:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 2045.31 MB
Available physical RAM: 1561.36 MB
Total Virtual: 3938.1 MB
Available Virtual: 3540.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:119.4 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 198D0DE8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


FRST log below:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-12-2015
Ran by Office (administrator) on DESK (30-12-2015 11:54:03)
Running from C:\Documents and Settings\Office\Desktop
Loaded Profiles: Office (Available Profiles: Office & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-14] (AVAST Software)
HKLM\...\Run: [VNT] => C:\Program Files\VNT\vntldr.exe [196504 2015-01-26] (APN LLC.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [2011-05-06] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-854245398-1801674531-725345543-1004\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-854245398-1801674531-725345543-1004\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1503712 2015-10-15] (AVAST Software)
HKU\S-1-5-21-854245398-1801674531-725345543-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmarque.scr [20992 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-14] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-08-18]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E448B7E0-09BB-4849-B471-F46399A6A9B6}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-854245398-1801674531-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-854245398-1801674531-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-854245398-1801674531-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKLM -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm545^YYA^us&si=STF_POSTDL_728_PDF_US_BOTTOM_83224019&ptb=911302F8-BB7F-4A68-9B45-68362F535BE2&ind=2015120311&n=781c4bb7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm545^YYA^us&si=STF_POSTDL_728_PDF_US_BOTTOM_83224019&ptb=911302F8-BB7F-4A68-9B45-68362F535BE2&ind=2015120311&n=781c4bb7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> {D92F7D17-6332-4312-A532-F1F31DB93441} URL = hxxp://isearch.shopathome.com?user_id={3EF090A0-73DB-4067-80CA-980795B6E8CD}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-15] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-14] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-15] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5}

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\WINDOWS\system32\npdeployJava1.dll [2012-11-15] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-11-15] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-11-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-19] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-17]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-14] (AVAST Software)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe [13160 2011-05-06] (Citrix Online, a division of Citrix Systems, Inc.)
S3 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-11-15] (Sun Microsystems, Inc.)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [143427 2005-12-14] (NVIDIA Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2006-02-28] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\WINDOWS\system32\STacSV.exe [86016 2006-05-26] (SigmaTel, Inc.) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2006-02-28] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-12-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-21] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-12-14] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [257720 2015-12-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-21] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-14] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-12-03] (The OpenVPN Project)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-14] (AVAST Software)
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2006-02-28] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2006-02-28] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2006-02-28] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Dot4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [206976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Dot4Print; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [12928 2001-08-17] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R3 E100B; C:\WINDOWS\System32\DRIVERS\e100b325.sys [163328 2006-01-12] (Intel Corporation) [File not signed]
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2006-02-28] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2006-02-28] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2006-02-28] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2006-02-28] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2006-02-28] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2006-02-28] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2006-02-28] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2006-02-28] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2006-02-28] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 sfng32; C:\WINDOWS\System32\drivers\sfng32.sys [41728 2005-12-02] (Sonic Focus, Inc) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1177032 2006-05-26] (SigmaTel, Inc.) [File not signed]
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [11232 2015-12-10] ()
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-30 11:51 - 2015-12-30 11:52 - 00000000 ____D C:\WINDOWS\LastGood
2015-12-30 11:48 - 2015-12-30 11:48 - 00106496 _____ C:\WINDOWS\Minidump\Mini123015-03.dmp
2015-12-30 11:40 - 2015-12-30 11:41 - 00022612 _____ C:\Documents and Settings\Office\Desktop\Addition 1.txt
2015-12-30 11:39 - 2015-12-30 11:54 - 00032862 _____ C:\Documents and Settings\Office\Desktop\FRST.txt
2015-12-30 11:39 - 2015-12-30 11:54 - 00000000 ____D C:\FRST
2015-12-30 11:39 - 2015-12-30 11:40 - 00042307 _____ C:\Documents and Settings\Office\Desktop\FRST 1.txt
2015-12-30 11:33 - 2015-12-30 11:33 - 01721856 _____ (Farbar) C:\Documents and Settings\Office\Desktop\FRST.exe
2015-12-30 11:15 - 2015-12-30 11:15 - 00000104 _____ C:\Documents and Settings\Office\Desktop\Internet.lnk
2015-12-30 11:14 - 2015-12-30 11:14 - 00106496 _____ C:\WINDOWS\Minidump\Mini123015-02.dmp
2015-12-30 11:10 - 2015-12-30 11:31 - 00254452 _____ C:\Documents and Settings\Office\Desktop\Rkill.txt
2015-12-30 11:03 - 2015-12-30 11:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini123015-01.dmp
2015-12-29 14:42 - 2015-12-29 14:52 - 00015068 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-29 12:20 - 2015-12-29 12:20 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-12-29 11:37 - 2015-12-29 11:37 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt
2015-12-29 11:37 - 2015-12-29 11:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2015-12-29 11:36 - 2015-12-29 11:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2015-12-29 10:24 - 2015-12-29 10:24 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2015-12-29 10:24 - 2015-12-29 10:24 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2015-12-28 12:16 - 2015-12-28 12:16 - 00000000 ____D C:\Documents and Settings\Office\Local Settings\Application Data\VNT
2015-12-17 08:15 - 2015-12-17 08:15 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-12-17 08:15 - 2015-12-17 08:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-12-17 08:13 - 2015-12-14 08:32 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-15 11:33 - 2015-12-15 11:33 - 00000340 _____ C:\Documents and Settings\Office\Desktop\Shortcut to My Documents.lnk
2015-12-14 08:47 - 2015-12-14 08:47 - 00000000 ____D C:\f1750cb197edb2968d70
2015-12-14 08:33 - 2015-12-14 08:33 - 00000000 ____D C:\ebc34ca16962df80120622e7
2015-12-14 08:33 - 2015-12-14 08:32 - 00257720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2015-12-14 08:33 - 2015-12-14 08:32 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-12-14 08:32 - 2015-12-14 08:32 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-12-14 08:32 - 2015-12-14 08:32 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2015-12-09 11:09 - 2015-12-28 13:09 - 08886976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-12-03 12:38 - 2015-12-03 12:38 - 00000000 __SHD C:\found.002
2015-12-03 10:18 - 2015-12-17 13:18 - 00000450 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
2015-12-03 10:18 - 2015-12-10 12:40 - 00011232 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-12-03 10:18 - 2015-12-03 10:18 - 00000000 ____D C:\Program Files\DriverUpdate

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-30 11:54 - 2011-05-03 17:33 - 00000000 ____D C:\Documents and Settings\Office\Local Settings\Temp
2015-12-30 11:53 - 2012-11-06 13:20 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-12-30 11:51 - 2011-05-03 12:12 - 00000000 ____D C:\WINDOWS
2015-12-30 11:48 - 2014-11-12 12:58 - 00000346 _____ C:\WINDOWS\Tasks\PCSB_Office_PCSpeedBoost_LogonTask.job
2015-12-30 11:48 - 2014-03-28 07:15 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-12-30 11:48 - 2012-04-24 07:19 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-30 11:48 - 2011-05-19 15:19 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-30 11:48 - 2011-05-03 17:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-30 11:44 - 2014-11-07 08:15 - 00000368 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Office).job
2015-12-30 11:09 - 2012-11-07 14:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-29 14:52 - 2011-05-03 17:33 - 00000278 ___SH C:\Documents and Settings\Office\ntuser.ini
2015-12-29 14:52 - 2011-05-03 17:33 - 00000000 ____D C:\Documents and Settings\Office
2015-12-29 14:37 - 2011-05-12 12:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-12-29 14:14 - 2012-04-24 07:19 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-29 13:58 - 2014-11-12 12:58 - 00000342 _____ C:\WINDOWS\Tasks\PCSB_Office_PCSpeedBoost_RS_DailyTask.job
2015-12-29 12:58 - 2014-11-12 12:58 - 00000348 _____ C:\WINDOWS\Tasks\PCSB_Office_PCSpeedBoost_RS_WeeklyTask.job
2015-12-29 12:58 - 2014-11-12 12:58 - 00000348 _____ C:\WINDOWS\Tasks\PCSB_Office_PCSpeedBoost_LG_DailyTask.job
2015-12-29 12:07 - 2011-05-03 12:12 - 00000000 ___HD C:\WINDOWS\inf
2015-12-29 11:25 - 2012-04-24 07:19 - 00000000 ____D C:\Program Files\Google
2015-12-29 11:15 - 2011-05-04 11:25 - 00000000 ____D C:\WINDOWS\network diagnostic
2015-12-29 10:51 - 2015-10-26 09:15 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-12-29 10:24 - 2015-10-26 09:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-12-29 10:24 - 2015-10-26 09:15 - 00000000 ____D C:\Documents and Settings\Administrator
2015-12-28 15:40 - 2011-05-03 17:28 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-28 15:27 - 2012-04-24 07:19 - 00000000 ____D C:\Documents and Settings\Office\Local Settings\Application Data\Google
2015-12-28 13:10 - 2012-11-07 14:14 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-28 13:10 - 2011-05-17 07:21 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-28 12:16 - 2006-02-28 06:00 - 00013694 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-23 12:50 - 2011-05-05 11:37 - 00000000 ____D C:\Documents and Settings\Office\My Documents\Reminder Letter
2015-12-23 12:50 - 2011-05-05 11:34 - 00000000 ____D C:\Documents and Settings\Office\My Documents\Real Estate Note
2015-12-23 12:42 - 2011-05-05 11:34 - 00000000 ____D C:\Documents and Settings\Office\My Documents\Warrenty Deed
2015-12-23 12:40 - 2011-05-05 11:32 - 00000000 ____D C:\Documents and Settings\Office\My Documents\Deed Of Trust
2015-12-21 16:23 - 2011-05-05 09:01 - 00000000 ____D C:\Documents and Settings\Office\Local Settings\Application Data\ApplicationHistory
2015-12-21 08:04 - 2013-12-09 13:48 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-21 08:04 - 2011-05-04 12:17 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-17 08:20 - 2011-05-05 12:45 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-12-14 08:32 - 2015-08-18 14:28 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-12-14 08:32 - 2014-04-28 07:21 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-12-14 08:32 - 2013-12-09 13:48 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-14 08:32 - 2013-12-09 13:48 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-14 08:32 - 2011-05-04 12:17 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-12-14 08:32 - 2011-05-04 12:17 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-12-14 08:32 - 2011-05-04 12:17 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-12-14 08:32 - 2011-05-04 12:17 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-14 08:32 - 2011-05-04 12:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-12-08 15:00 - 2014-03-28 07:15 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-12-03 10:18 - 2014-11-07 08:14 - 00000000 ____D C:\Documents and Settings\Office\Local Settings\Application Data\SlimWare Utilities Inc
2015-12-03 10:18 - 2014-11-07 08:14 - 00000000 ____D C:\Documents and Settings\Office\Local Settings\Application Data\Downloaded Installers
2015-11-30 09:46 - 2011-05-03 17:33 - 00000000 ___RD C:\Documents and Settings\Office\My Documents
2015-11-30 08:12 - 2011-05-03 12:12 - 00000000 RSHDC C:\WINDOWS\system32\dllcache

==================== Files in the root of some directories =======

2011-05-05 11:12 - 2011-05-05 11:12 - 0000129 _____ () C:\Documents and Settings\Office\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End of FRST.txt ============================

Juliet
2015-12-31, 02:28
PC SpeedBoost
http://www.shouldiremoveit.com/PCSpeedBoost-118847-program.aspx
Malware detected in the program
***********************************
SlimCleaner Plus tool by Slimware Utilities Holdings has been detected as PUP (Possible Unwanted Program).Optional.Task
Have seen recent victims complaining of this tool; many, if not most, are removing it.

*******************************

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKLM -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm545^YYA^us&si=STF_POSTDL_728_PDF_US_BOTTOM_83224019&ptb=911302F8-BB7F-4A68-9B45-68362F535BE2&ind=2015120311&n=781c4bb7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm545^YYA^us&si=STF_POSTDL_728_PDF_US_BOTTOM_83224019&ptb=911302F8-BB7F-4A68-9B45-68362F535BE2&ind=2015120311&n=781c4bb7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> {D92F7D17-6332-4312-A532-F1F31DB93441} URL = hxxp://isearch.shopathome.com?user_id={3EF090A0-73DB-4067-80CA-980795B6E8CD}&q={searchTerms}
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~`

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~
please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt

bbmoon
2016-01-01, 17:20
Still unable to get to forum via problem computer. I am copying logs to USB drive and using a different computer.

After running AdwCleaner, it found only "swdumon" on report. After "Clean" it rebooted and during start of reboot CHKDSK wanted to run. I let CHKDSK run and there were some correction errors it fixed. I hope letting CHKDSK run was ok.

Continuing to have issues browsing with IE and having to reopen IE or sometimes reboot to get things functioning enough to run the downloads, but eventually I get it done. Once had this message from IE "Malicious add-on has caused Internet Explorer to close".

Below are the Logs from:
Fixlog
AdwCleaner
Junkware Removal Tool

Thanks for your help
Happy New Year




Fix result of Farbar Recovery Scan Tool (x86) Version:30-12-2015
Ran by Office (2016-01-01 07:58:09) Run:1
Running from C:\Documents and Settings\Office\Desktop
Loaded Profiles: Office (Available Profiles: Office & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKLM -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm545^YYA^us&si=STF_POSTDL_728_PDF_US_BOTTOM_83224019&ptb=911302F8-BB7F-4A68-9B45-68362F535BE2&ind=2015120311&n=781c4bb7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm545^YYA^us&si=STF_POSTDL_728_PDF_US_BOTTOM_83224019&ptb=911302F8-BB7F-4A68-9B45-68362F535BE2&ind=2015120311&n=781c4bb7&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-854245398-1801674531-725345543-1004 -> {D92F7D17-6332-4312-A532-F1F31DB93441} URL = hxxp://isearch.shopathome.com?user_id={3EF090A0-73DB-4067-80CA-980795B6E8CD}&q={searchTerms}
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}" => key removed successfully.
HKCR\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => key not found.
"HKU\S-1-5-21-854245398-1801674531-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}" => key removed successfully.
HKCR\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => key not found.
"HKU\S-1-5-21-854245398-1801674531-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D92F7D17-6332-4312-A532-F1F31DB93441}" => key removed successfully.
HKCR\CLSID\{D92F7D17-6332-4312-A532-F1F31DB93441} => key not found.
IntelIde => service removed successfully.
WS2IFSL => service removed successfully.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

The following command was not found: int ipv4 reset.

========= End of CMD: =========


========= netsh int ipv6 reset =========

IPv6 is not installed.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========










# AdwCleaner v5.027 - Logfile created 01/01/2016 at 08:27:41
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Office - DESK
# Running from : C:\Documents and Settings\Office\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BoostSoftware
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\slimware utilities inc
[-] Folder Deleted : C:\Documents and Settings\Office\Local Settings\Application Data\iac
[-] Folder Deleted : C:\Documents and Settings\Office\Local Settings\Application Data\VNT
[-] Folder Deleted : C:\Documents and Settings\Office\Local Settings\Application Data\slimware utilities inc
[-] Folder Deleted : C:\Program Files\VNT
[-] Folder Deleted : C:\Program Files\driverupdate
[-] Folder Deleted : C:\Program Files\slimcleaner plus

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
[-] Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VNT]
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.hxxpHandle302
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.hxxpHandle302.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager.1
[-] Key Deleted : HKCU\Software\VNT
[-] Key Deleted : HKLM\SOFTWARE\BoostSoftware
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKU\.DEFAULT\Software\VNT

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [14801 bytes] ##########









~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Microsoft Windows XP x86
Ran by Office (Administrator) on Fri 01/01/2016 at 8:46:50.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Documents and Settings\Office\Local Settings\Application Data\downloaded installers (Folder)
Successfully deleted: C:\WINDOWS\Tasks\DriverUpdate Scan.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Office).job (Task)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\890B0DEB (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ET0765IF (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K38P2TEF (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YLERUNMT (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATE.EXE-0A02E128.pf (File)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/01/2016 at 8:48:01.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2016-01-02, 05:15
You can try and reset IE to see if that fixes the issue.

How to reset Internet Explorer settings
http://support.microsoft.com/kb/923737



Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i24.photobucket.com/albums/c30/ken545/0841859c-1a35-4dbd-b41a-e720629e3e22_zpst0yckuua.png



On the Dashboard click on Update Now

Go to the Settings tab

Under Settings go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply




When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes

bbmoon
2016-01-02, 21:31
Thanks for help.

I did the IE reset (more than once) and I am still having browser problems.
Still unable to get to forum (and some other websites). I was unable to connect to Malwarebytes, so I copied it to USB drive from another computer and downloaded and ran it, same for "Should I Remove it".
Also, from your previous reply... "Should I Remove it" did not find PC Speed Boost on the program list. I did a file search and found two Speed Boost files (not programs) and deleted them.

MBAM scan log below:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/2/2016
Scan Time: 12:25:10 PM
Logfile: MBAM scan log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.02.05
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Office

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330283
Time Elapsed: 31 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update AppEnable, Quarantined, [27b61123603995a172a31401788c8779],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],

Files: 15
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb5ee409a9-29d1-4fc1-820d-b66feba03d10.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Msi81c61c6c-b5e7-49a7-82b2-bf68c6cb4336.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb0596043c-30fc-4587-91ab-912ad6109368.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb095792a8-bd05-4ee4-a0e2-5827069c33af.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb0cef379a-b18e-4ce7-858f-daa10122f785.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb157e3760-be87-4396-90b3-48c2b63125b8.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb1d2113e9-33d6-4eef-96ae-bfadc9f013a2.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb41bbe957-2c92-40e7-b024-fb6a11890234.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb5ea81118-c4ce-41e5-95c5-a34b6a501cf7.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb76f25ac1-58c9-4148-a60e-1e3dbe09c23f.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb81c61c6c-b5e7-49a7-82b2-bf68c6cb4336.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stb9526a812-84e7-49ab-8e32-c61a12b6ef24.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stbb7982ea6-c497-415d-85ed-f1728969c283.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stbddf751ec-b389-42a6-a3ca-c07b049b9eae.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],
PUP.Optional.ASK.Gen, C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\APN-Stub\AVRV7\Stbfce06ae8-ccb5-40db-b44c-859036fafad9.log, Quarantined, [726be74dd1c8a591af2f80382ad85ca4],

Physical Sectors: 0
(No malicious items detected)


(end)
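An added example, not part of the original thread and not Malwarebytes' own tooling: a small Python triage script for a scan log in the layout posted above. It checks each section's declared count against the detection lines actually pasted, lists items left unquarantined, and flags scan components that were switched off, such as the `Rootkits: Disabled` line in this log. The function names and the sample log are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 2.x scan log posted above.
# Threat names, paths and item ids are made up for the example.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware

Scan Type: Threat Scan
Result: Completed
Malware Protection: Disabled

Memory: Enabled
Filesystem: Enabled
Rootkits: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Sample, HKLM\SOFTWARE\Sample Vendor, Inc\Updater, Quarantined, [00000000000000000000000000000001],

Folders: 2
PUP.Optional.Sample, C:\Temp\Sample-Stub, Quarantined, [00000000000000000000000000000002],

Files: 2
PUP.Optional.Sample, C:\Temp\Sample-Stub\a.log, Quarantined, [00000000000000000000000000000002],
PUP.Optional.Other, C:\Temp\other.dll, No Action By User, [00000000000000000000000000000003],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
# Scan components listed in the log header; a disabled one is a coverage gap.
SCAN_OPTIONS = {"Memory", "Startup", "Filesystem", "Archives",
                "Rootkits", "Heuristics", "PUP", "PUM"}

SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
SETTING_RE = re.compile(r"^([A-Za-z][A-Za-z \-]*): (Enabled|Disabled)$")
# "Threat, object, action, [id]," -- the object may itself contain commas,
# so the threat is anchored on the left and action/id on the right.
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<object>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<item_id>[0-9a-fA-F]+)\],?$")


def parse_mbam_log(text):
    """Split the log into settings, declared section counts and detections."""
    report = {"settings": {}, "declared": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report["declared"][section] = int(m.group(2))
            continue
        m = SETTING_RE.match(line)
        if m:
            report["settings"][m.group(1)] = m.group(2)
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            entry = m.groupdict()
            entry["section"] = section
            report["detections"].append(entry)
    return report


def summarize(report):
    """Return the points a helper would check before trusting the log."""
    parsed = Counter(d["section"] for d in report["detections"])
    return {
        # Detections grouped by threat name.
        "by_threat": Counter(d["threat"] for d in report["detections"]),
        # Declared count differs from pasted lines: the log is truncated or edited.
        "count_mismatches": {s: (n, parsed[s])
                             for s, n in report["declared"].items()
                             if n != parsed[s]},
        # Anything not quarantined is still on disk or in the registry.
        "not_quarantined": [d for d in report["detections"]
                            if d["action"] != "Quarantined"],
        # Scan components that were switched off for this run.
        "scan_gaps": sorted(name for name, state in report["settings"].items()
                            if name in SCAN_OPTIONS and state == "Disabled"),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_mbam_log(SAMPLE_LOG)).items():
        print(key, "->", value)
```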

Juliet
2016-01-03, 03:39
If you would, try to boot into safe mode with networking and see if you can at that time connect to the web sites in question?

Also, if you can, can you try to download and install Firefox and let's see if this is the same for this browser as well.
https://www.mozilla.org/en-US/firefox/desktop/
https://www.mozilla.org/en-US/


Also, from your previous reply... "Should I Remove it"
No idea where that came from; I haven't asked you to download and run any tool associated with "Should I Remove it".
I posted a link with information about a tool on your computer and with the info on that link that you should remove it.

PC SpeedBoost
http://www.shouldiremoveit.com/PCSpe...7-program.aspx
Malware detected in the program
***********************************

bbmoon
2016-01-03, 20:36
In Safe Mode IE will not connect to anything. I get "Internet Explorer cannot display the webpage" on everything I try.

In regular mode I can connect to some sites like I have before, but not all sites (still unable to connect to forum, yet I am able to connect to "safer-networking"). When I cannot get to a page, I get the "Internet Explorer cannot display the webpage" message. I usually can get to Google and get search results.

I had trouble downloading Firefox from problem computer after multiple attempts due to: computer freezes, several memory dump crashes, "Windows Explorer has encountered a problem and needs to close" messages and sometimes IE will just close.

I sometimes can get to the Firefox download page, click on download, click on run and I then usually get a memory dump crash. Sometimes I get the memory dump by just clicking on download.

Finally, just saved Firefox to desktop (Firefox setup) and was then able to start download process but would get "Your download was interrupted" message during middle of install. I am then allowed to click on OK "to continue" and I am taken to Firefox download webpage to start all over again. Sorry, was unable to install Firefox.

In general my computer is running extremely slow, hard drive seems to be running continuously even when I am doing nothing and getting multiple and random crashes or freezes.

Sorry, something is still causing serious problems. I'm happy to try whatever you suggest next. Thanks.

Juliet
2016-01-03, 22:55
Let's try a couple of things


Reset the modem or the router

Turn off the modem and the router.

Note: If the modem or the router does not have a power switch, disconnect the electrical power to the modem or to the router.

Restart the computer.

After your computer has restarted, turn on the modem or the router and wait for all flashing lights to stop.

Start Internet Explorer and see if connections are re-established.

~~~~~~~~~~~~~~~~~~~~`

Exit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, click to select the Delete all offline content check box.
Click OK two times.

Read and use this article to delete out Cookies
https://support.microsoft.com/EN-US/kb/278835

~~~~~~~~~~~~~~~~~~~~~

Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif



NEXT
On the Start Repairs tab => Click Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.

~~~~~~~~~~~~~~~~~~~~~`

Delete the version of Firefox you tried to install earlier,
download the full installer, you can use this page (scroll down to your preferred language):
https://www.mozilla.org/en-US/firefox/all/

Let me know what results are after running the above tools.

Juliet
2016-01-03, 23:16
Forgot to mention that sometimes an antivirus will/can stop connections to some web sites. Can you try to temporarily disable your antivirus to see if connections were stopped?

Right click on the Avast icon in the system tray
Scroll up to Avast! shields control
Select the desired option from the list

10 minutes,
1 hour,
until the computer is restarted or
permanently.

Reverse to enable.

bbmoon
2016-01-04, 19:45
Sorry to report, I think it's running worse.

I did reset the modem/router and delete temp file and cookies. That process was also part of the IE reset that we did earlier. Sorry, no change.

I did get to Tweaking.com and downloaded (saved to desktop) Windows Repair. It will start the install process then stop with "Encountered a sharing violation.." error. It will not load.

Many troubles today. Physical memory dumps, IE not even opening or opening and crashing, multiple error reports, some regular software programs on the computer will not open (Quick Books).

I am providing some photos of some of the errors I had today, hoping there might be a clue as to what is wrong.

[5 attached images]

bbmoon
2016-01-04, 19:47
[5 attached images]

Juliet
2016-01-04, 20:50
Did you temporarily disable your antivirus?

Something is reading and or preventing the installation files from working.


Go to Start, then to Run, and type in "SFC.EXE /SCANNOW" (without the quotes - and with a space between the SFC.EXE and the /SCANNOW). Then press Enter.

The program may (or it may not) ask you for your Windows XP installation CD - please insert it at the prompt. If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.

~~~~~~~~~~~~~~~~~~~~~~~~

Click on Start >> My Computer >> Right click on the C:\ drive icon (Local Disk (C:)) and select Properties
Now click on the Tools tab.

Now click on the Check Now... tab

Select both check disk options and click on Start.

Click on the Yes button.

Next, click on Start >> Turn Off Computer >> Restart

Note: Upon Reboot(Restart), CHKDSK will start and carry out the repairs required.

~~~~~~~~~~~~~~~~~~~~~~~~~~`

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

bbmoon
2016-01-06, 16:54
I have turned off anti-virus for all the new fixes from your last reply. Sorry, I typically did not turn virus off on every process unless it was part of the directions before.

I did the SFC.EXE and inserted Windows CD when asked. That seemed to go ok.

Next I did the CHKDSK process. After reboot CHKDSK went through a long 5 step process and stopped after a list of "bad sector" fixes. After the 5 steps and the fixes the CHKDSK screen just stayed on, the computer did not boot to Windows. After waiting hours, I restarted the computer and it went to CHKDSK process again. This time I left it overnight to run (just to be sure it was finished) and it still stopped after step 5 and the repair fixes and just stuck there. It will not boot to Windows, it only wants to run the scheduled CHKDSK.

Juliet
2016-01-06, 18:46
Man, it sounds like we're going from bad to worse.

The tool shouldn't take long at all and if it couldn't fix bad sectors it's (in theory) to notify you.

Please boot into safe mode and attempt to run these suggestions

Go to Run, type: cmd
In cmd type:
chkntfs /x C:

This stops the CHKDSK.



Remove the Chkdsk.exe or the Autochk.exe program from Scheduled Tasks

Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Scheduled Tasks.
Click either Chkdsk or Autochk in the list of scheduled tasks.
Under Folder Tasks, click Delete this item.


Method 2: Check the Session Manager registry entry
Follow these steps, and then quit Registry Editor:

Click Start, click Run, type regedit, and then click OK.
Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\BootExecute
On the Edit menu, click Modify.
Type autocheck autochk *, and then press ENTER.

https://support.microsoft.com/en-us/kb/831426

bbmoon
2016-01-07, 07:06
I got the CHKDSK problem cleared. But, still experiencing same multiple problems.

I have combofix loaded on desktop. I tried to run Combofix, but had multiple failures. I have attached some of the error messages as photos (also crashes, memory dumps and freezes). Tried to run Combofix in Safe Mode and got similar failures. Tried to go back and run the SFC.EXE /SCANNOW and now it will not run.

At one reboot, I did see a pop up message from SpyBot SD about a malicious file detected but it did not show itself long. Since I was unable to get the other suggestions running, I thought I would try a SpyBot scan and it appeared to be working. I ran out of time and had to leave computer with it running with SpyBot scan going and will check it in the morning.

Wow, this is a challenge.

Having trouble uploading photos to forum from iPad. Will send error photos from PC later.

Thanks for helping.

Juliet
2016-01-07, 15:48
Man, we're up the creek if this is pointing to hardware failure. Also, some or most of the tools we use for diagnosing are mostly for newer operating systems.

What Spybot could have been pointing to is not a known infection that in the past has caused this much corruption. Sometimes it reports items located in temp files and other locations which can also be in quarantine folders. And again, I can be completely wrong.

Let's try

Disable antivirus and SpyBot, let's make sure those applications are not interfering.


Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/) and run it on the computer.

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

~~~~~~~~~~~~~~~~~~~`

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwareremoval.com/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

If one doesn't work please go to the next.

~~~~~~~~~~~~~~~~~~~~`

Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Juliet
2016-01-07, 15:50
Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it, so that Malwarebytes Anti-Rootkit can start correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png


At the introduction screen, please click on the Next button to continue.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png


Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png


When the update has finished, click on the Next button.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png


Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png


When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on the Yes button to restart your computer.



There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.

For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.


The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

bbmoon
2016-01-07, 19:10
Thanks for the next round of help. I have not got to work on the new suggestions yet.

See attached photos of my error messages from yesterday.

Thanks


bbmoon
2016-01-07, 20:26
I ran these while in Safe Mode.


Farbar Service Scanner Version: 03-01-2016
Ran by Office (administrator) on 07-01-2016 at 12:06:46
Running from "C:\Documents and Settings\Office\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****



Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/01/2016 12:10:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/01/2016 12:07:34 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 07/01/2016 12:07:19 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm Fips intelppm

Log: 'System' Date/Time: 07/01/2016 12:06:15 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 07/01/2016 12:04:20 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 0000001a, parameter1 00041284, parameter2 0583c001, parameter3 000010c2, parameter4 c0883000.

Log: 'System' Date/Time: 07/01/2016 12:04:19 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 8054bfcb, parameter3 b3a93968, parameter4 00000000.

Log: 'System' Date/Time: 07/01/2016 12:04:15 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 8054bcc7, parameter3 b2c4051c, parameter4 00000000.

Log: 'System' Date/Time: 07/01/2016 12:02:07 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The Automatic Updates service hung on starting.

Log: 'System' Date/Time: 07/01/2016 12:01:12 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 10000050, parameter1 e112d818, parameter2 00000000, parameter3 806203ba, parameter4 00000001.

Log: 'System' Date/Time: 07/01/2016 12:00:57 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 10000050, parameter1 e10a0010, parameter2 00000001, parameter3 8054c0d1, parameter4 00000001.

Log: 'System' Date/Time: 07/01/2016 12:00:55 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 8060e28f, parameter3 b3859914, parameter4 00000000.

Log: 'System' Date/Time: 07/01/2016 12:00:53 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 00000024, parameter1 001902fe, parameter2 b28ce540, parameter3 b28ce23c, parameter4 b7e7fe4d.

Log: 'System' Date/Time: 07/01/2016 12:00:21 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 b432685c, parameter3 b3108990, parameter4 00000000.

Log: 'System' Date/Time: 07/01/2016 12:00:14 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SSPORT service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 07/01/2016 12:00:14 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 07/01/2016 12:00:02 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\WINDOWS\WindowsShell.Manifest. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 07/01/2016 12:00:01 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The system cannot find the path specified. .

Log: 'System' Date/Time: 07/01/2016 11:57:09 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SSPORT service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 07/01/2016 11:57:09 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 07/01/2016 11:55:54 AM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The Automatic Updates service hung on starting.

Log: 'System' Date/Time: 07/01/2016 11:54:03 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SSPORT service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2016-01-07, 22:01
https://support.microsoft.com/en-us/kb/317277
You receive a "System Has Recovered from a Serious Error" message; scroll down to Workaround.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All the errors but one are related to ComboFix

Open Task Manager and look for the following
GREP.exe
PEV.exe
any file that has the extension *.3XE

One at a time, right-click and select End Process.

Application corrupt, means your download was no good. Either it was not complete or it was partially blocked.

The last photo was a picture of ComboFix trying to run.....

Delete the one you have now, try to download it again.


Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------

Juliet
2016-01-08, 02:14
Forgot to post info for errors found in the Vino's Event Viewer

The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm Fips intelppm

aswRvrt aswSnx aswSP aswVmm <-- antivirus. Were you in safe mode when running the tool? I think you were, and have you seen any problems while using AVAST?
Does this Avast also include internet security as in firewall too?

intelppm <-- seems to be an intel processor driver

fips is also a windows core driver
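
Added example, not part of the original thread and not code from any of the tools named in it: a small Python parser for the Vino's Event Viewer output format posted above, which groups records by source and event ID and names the stop codes in the 'System Error' 1003 entries. The sample is a three-record excerpt of the log in this thread; the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the VEW output posted in this thread (three of the records).
SAMPLE = """\
Log: 'System' Date/Time: 07/01/2016 12:07:19 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm Fips intelppm

Log: 'System' Date/Time: 07/01/2016 12:04:20 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 0000001a, parameter1 00041284, parameter2 0583c001, parameter3 000010c2, parameter4 c0883000.

Log: 'System' Date/Time: 07/01/2016 12:04:19 PM
Type: error Category: 102
Event: 1003 Source: System Error
Error code 1000008e, parameter1 c0000005, parameter2 8054bfcb, parameter3 b3a93968, parameter4 00000000.
"""

HEADER = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*\n"
    r"Type: (?P<type>\S+) Category: (?P<cat>\d+)\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>.+?)\s*\n")
BUGCHECK = re.compile(r"Error code ([0-9a-fA-F]{8}),")
# Documented Windows bug check names for the stop codes seen in this log.
NAMES = {0x1A: "MEMORY_MANAGEMENT", 0x24: "NTFS_FILE_SYSTEM",
         0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
         0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}

def parse_vew(text):
    """Split VEW output into records: header fields plus the message body."""
    records, matches = [], list(HEADER.finditer(text))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        rec = m.groupdict()
        rec["event"] = int(rec["event"])
        rec["message"] = text[m.end():end].strip()
        records.append(rec)
    return records

def by_source(records):
    """Count records per (source, event id) to see what dominates the log."""
    return Counter((r["source"], r["event"]) for r in records)

def bugchecks(records):
    """Tally stop codes from 'System Error' event 1003 records."""
    tally = Counter()
    for r in records:
        m = BUGCHECK.search(r["message"])
        if r["event"] == 1003 and m:
            # 0x1000008E is the documented _M variant of 0x8E; mask to the base code.
            code = int(m.group(1), 16) & 0x0FFFFFFF
            tally[NAMES.get(code, hex(code))] += 1
    return tally

if __name__ == "__main__":
    recs = parse_vew(SAMPLE)
    print(by_source(recs).most_common(), bugchecks(recs).most_common())
```

Saving the Notepad output from VEW to a file and passing its contents to `parse_vew` gives the same summary for the full log.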

bbmoon
2016-01-14, 01:08
Sorry for slow response, I am temporarily out of town and away from the computer.

I will try your latest suggestions as soon as I am back.

Juliet
2016-01-14, 01:14
Was worried about you, so glad you posted.

bbmoon
2016-01-26, 19:42
I have removed the old Combofix and downloaded a copy to a USB drive from another computer and then copied from the USB drive to the problem computer.

Is it ok to run Combofix from Safe Mode? I'm thinking it will run in Safe Mode. The computer in Normal Mode is not stable enough to run Combofix. Things keep crashing. I did get Combofix running for a short time but it crashed pretty quickly.

I have attached some new photos of error messages I got while attempting to run Combofix. Most of the time the computer crashed before I ever had a chance to even run Combofix.

Juliet
2016-01-26, 23:05
Is it ok to run Combofix from Safe Mode
Yes it is

From the error messages I think there are some driver issues

disk space seems to be an issue

IMAPI imaging service is necessary to burn CD/DVDs
found in msconfig; if there and listed as "stopped", enable it.

Juliet
2016-02-04, 01:06
Still need help?

Juliet
2016-02-06, 17:06
still with me?

Juliet
2016-03-03, 01:16
Since this issue appears resolved ... this Topic is closed.