Spybot will not scan anymore. Help requested.



Strato1
2016-04-28, 20:11
Hi. My registered version of Spybot has just recently started acting up. The scan button has become an inactive icon with 3 dots instead of 'scan' on it. So I can't run any scans. It also says I haven't run a scan for over 50 days, which is not correct. Would be more like 10 - 15 days ago. Additionally, updating sometimes takes a few goes before saying it's successful, and the Immunization progress bar has disappeared. I have read the Malware removal thread and generated the reports as instructed. Please help!

Results are copied below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-04-2016
Ran by Administrator (administrator) on HP-1AC38496D8C6 (29-04-2016 02:03:37)
Running from C:\Documents and Settings\Administrator\Desktop\Furbar
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-07-09] (Nero AG)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16871936 2008-06-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [404288 2007-01-10] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-04-29] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-343818398-583907252-842925246-500\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\S-1-5-21-343818398-583907252-842925246-500\...\Run: [ISUSPM] => C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [222496 2010-11-17] (Acresso Corporation)
HKU\S-1-5-21-343818398-583907252-842925246-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-16] (Piriform Ltd)
HKU\S-1-5-21-343818398-583907252-842925246-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-343818398-583907252-842925246-500\...\MountPoints2: {3c23e4cf-2530-11e1-854d-806d6172696f} - D:\AutoRun.exe
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-04-29] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2012-04-03]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-343818398-583907252-842925246-500] => Proxy is enabled.
ProxyServer: [S-1-5-21-343818398-583907252-842925246-500] => localhost:21320
AutoConfigURL: [S-1-5-21-343818398-583907252-842925246-500] => localhost:21320
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B4C60E7B-3E45-4949-BEDB-E5F8F136E2C9}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-343818398-583907252-842925246-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-343818398-583907252-842925246-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/?gws_rd=ssl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {9DE01FD3-7964-4314-A72C-720A0613A71A} URL = hxxps://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {AE37FC0C-DACD-4948-833C-541422D9ED26} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-25] (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-343818398-583907252-842925246-500 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/WCLWeb/cabs/HPISDataManager.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: {A487136E-913C-11D7-B6F7-0002B310AC06} hxxp://usqwcprod.netspot.com.au/util/HZLA1010.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403596507&from=epom&uid=SAMSUNGXHD103SI_S1VSJ90Z801931

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll [2014-02-27] (Simon Bünzli)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-22] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-05] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-29]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-29]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.au/
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-28]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-28]
CHR HKLM\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-25]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx <not found>
CHR HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [183112 2007-01-10] (Intel Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-29] (AVAST Software)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-11-16] (Nuance Communications, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-02-25] (Hewlett-Packard Company) [File not signed]
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [98304 2006-12-06] (Intel) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-04-29] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-04-29] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-04-29] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-04-29] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-04-29] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-04-29] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-04-29] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-04-29] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-04-29] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221368 2016-04-29] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 HPx9G+; C:\WINDOWS\System32\DRIVERS\HPx9G2k.sys [25528 2009-11-13] (Hewlett Packard Development LLC)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-05-23] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S4 IntelIde; no ImagePath
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 02:03 - 2016-04-29 02:03 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Furbar
2016-04-29 01:56 - 2016-04-29 02:03 - 00000000 ____D C:\FRST
2016-04-29 01:50 - 2016-04-29 01:50 - 00000000 ____D C:\RegBackup
2016-04-29 01:49 - 2016-04-29 01:50 - 00017482 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-04-29 01:49 - 2016-04-29 01:49 - 00001876 _____ C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2016-04-29 01:49 - 2016-04-29 01:49 - 00000000 ____D C:\Program Files\Tweaking.com
2016-04-29 01:49 - 2016-04-29 01:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2016-04-29 01:19 - 2016-04-29 01:19 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Pro Antivirus.lnk
2016-04-29 01:19 - 2016-04-29 01:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2016-04-29 01:16 - 2016-04-29 01:16 - 00334280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-04-29 01:16 - 2016-04-29 01:16 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-04-28 11:13 - 2016-04-28 11:13 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-04-25 20:31 - 2016-04-29 01:22 - 00000474 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1461580294.job
2016-04-25 20:31 - 2016-04-25 20:31 - 00000756 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-25 20:31 - 2016-04-25 20:31 - 00000756 _____ C:\Documents and Settings\All Users\Desktop\Avast SafeZone Browser.lnk
2016-04-06 00:30 - 2016-03-25 22:38 - 00451567 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160406-003044.backup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 02:04 - 2010-03-26 09:45 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-04-29 01:33 - 2014-08-17 23:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-29 01:27 - 2014-04-17 14:01 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-04-29 01:23 - 2014-08-17 23:39 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-04-29 01:23 - 2003-04-01 00:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-29 01:22 - 2015-08-29 10:47 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-29 01:22 - 2014-03-29 15:01 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-04-29 01:22 - 2010-03-26 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-29 01:18 - 2010-03-26 01:27 - 00000000 ___HD C:\WINDOWS\inf
2016-04-29 01:16 - 2016-03-23 18:23 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-04-29 01:16 - 2015-07-29 12:03 - 00187208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2016-04-29 01:16 - 2014-05-11 10:38 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-04-29 01:16 - 2014-04-17 14:01 - 00815792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-04-29 01:16 - 2014-04-17 14:01 - 00449640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-04-29 01:16 - 2014-04-17 14:01 - 00221368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-04-29 01:16 - 2014-04-17 14:01 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-04-29 01:16 - 2014-04-17 14:01 - 00067216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2016-04-29 01:16 - 2014-04-17 14:01 - 00064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2016-04-29 01:16 - 2014-04-17 14:01 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-04-29 01:15 - 2012-03-05 19:41 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Outlook Files
2016-04-29 01:12 - 2012-03-13 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-04-29 01:09 - 2015-08-29 10:47 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 01:09 - 2010-03-26 09:45 - 00032574 _____ C:\WINDOWS\SchedLgU.Txt
2016-04-28 21:29 - 2016-03-13 04:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Azureus
2016-04-28 21:29 - 2010-03-26 09:45 - 00000000 ____D C:\Documents and Settings\Administrator
2016-04-28 14:48 - 2012-02-13 10:12 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-04-28 14:48 - 2010-03-26 09:45 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-04-28 11:13 - 2012-03-06 18:55 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2016-04-28 11:12 - 2012-03-06 18:55 - 00000000 ____D C:\Program Files\Google
2016-04-28 10:55 - 2012-04-06 00:43 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Vuze Downloads
2016-04-28 10:43 - 2014-11-15 11:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Azureus
2016-04-28 10:39 - 2010-03-26 01:27 - 00000000 ____D C:\WINDOWS\Network Diagnostic
2016-04-28 10:20 - 2012-03-05 19:26 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCleaner Backups
2016-04-28 10:19 - 2012-02-13 10:08 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-04-25 22:47 - 2012-07-09 09:02 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2016-04-25 22:24 - 2014-06-25 17:49 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-04-25 19:43 - 2010-03-26 09:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-04-25 19:42 - 2012-11-29 20:59 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Paint.NET
2016-04-25 19:37 - 2010-03-26 09:37 - 00000000 ____D C:\WINDOWS\Registration
2016-04-25 14:06 - 2014-04-18 19:45 - 00000000 ____D C:\Program Files\7-Zip
2016-04-25 14:06 - 2014-04-18 19:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2016-04-21 11:13 - 2012-03-06 10:33 - 00137728 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-16 04:26 - 2012-02-13 10:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-04-16 03:03 - 2012-02-13 10:12 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 19:33 - 2012-03-05 19:29 - 00000000 ____D C:\BBasics1
2016-04-13 19:33 - 2012-03-05 19:27 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\MYOB Backup
2016-04-13 19:30 - 2012-03-05 19:29 - 00000181 _____ C:\WINDOWS\MYOBP.INI
2016-04-13 19:30 - 2012-03-05 19:29 - 00000041 _____ C:\WINDOWS\MYOB.INI
2016-04-11 10:47 - 2012-03-13 15:55 - 00001514 _____ C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
2016-04-11 10:46 - 2012-03-13 14:34 - 00002539 _____ C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.0.lnk
2016-04-06 00:30 - 2014-08-17 23:39 - 00000618 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job

==================== Files in the root of some directories =======

2016-03-13 03:55 - 2016-03-13 03:56 - 0000000 _____ () C:\Program Files\TempWmicBatchFile.bat
2013-01-15 19:27 - 2013-01-15 19:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2012-08-12 03:15 - 2012-08-12 11:09 - 0000607 _____ () C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
2012-07-27 11:12 - 2013-11-24 16:47 - 0000042 _____ () C:\Documents and Settings\Administrator\Application Data\default.pls
2012-03-13 15:55 - 2016-04-11 10:47 - 0001514 _____ () C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
2015-10-21 16:09 - 2015-10-21 16:09 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2012-03-06 10:33 - 2016-04-21 11:13 - 0137728 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\setup.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
Ran by Administrator (2016-04-29 02:04:47)
Running from C:\Documents and Settings\Administrator\Desktop\Furbar
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-03-25 23:42:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-343818398-583907252-842925246-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-343818398-583907252-842925246-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-343818398-583907252-842925246-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-343818398-583907252-842925246-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (HKLM\...\{23170F69-40C1-2701-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems)
Any Video Converter 5.9.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Avast Pro Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
BigPond Broadband ADSL (HKLM\...\{2A36014E-DF1D-4840-A209-3185B17BFC71}) (Version: 11.0 - BigPond)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
DivXLand Bitrate Calculator (HKLM\...\DivXLand Bitrate Calculator) (Version: - )
Dragon NaturallySpeaking 11 (HKLM\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 4.30 - Philipp Winterberg)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Product Detection (HKLM\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.4 - Hewlett-Packard)
HP48g,49g,50g series Calculator Connectivity Kit (HKLM\...\HP48g,49g,50g series Calculator Connectivity Kit) (Version: 2.3 Build 2439 - Hewlett-Packard)
Inkscape 0.48.2 (HKLM\...\Inkscape) (Version: 0.48.2 - )
Intel(R) Active Management Technology LMS Service and SOL Driver (HKLM\...\MESOL) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
Intel(R) Network Connections 13.1.33.0 (HKLM\...\{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}) (Version: 13.1.33.0 - Intel)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
K-Lite Codec Pack 8.4.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
LightScribe System Software (HKLM\...\{8BA510D1-045B-4E1A-AF52-2282BBF69D5D}) (Version: 1.18.2.1 - LightScribe)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MYOB BusinessBasics v1 (HKLM\...\InstallShield_{A06176AF-7494-4B29-BE74-F01323AD3233}) (Version: 1 - MYOB Technology Pty Ltd)
MYOB BusinessBasics v1 (Version: 1 - MYOB Technology Pty Ltd) Hidden
Nero 8 Essentials (HKLM\...\{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}) (Version: 8.3.569 - Nero AG)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
PDFlite 2.0.0.0 (HKLM\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5645 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
System Requirements Lab for Intel (HKLM\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.1.0 - Azureus Software, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131) (HKLM\...\8ABEA6D4578549FADD34471076DFC5C22976C6D9) (Version: 09/23/2008 3.0.0.131 - Atheros)
Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7) (HKLM\...\EDE780BB5DCF2C3476C105BAE4CC1175516E9173) (Version: 02/22/2005 3.1.1.7 - NETGEAR)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007) (HKLM\...\0D5BC5DD5940677F9B5623C12951388F5EF72436) (Version: 02/07/2007 5.1283.0207.2007 - NETGEAR Inc.)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3) (HKLM\...\84261EAEDFA5240ACFFEDFB145134E295B649795) (Version: 02/16/2004 1.0.0.3 - Thomson)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version: - )
YTD Video Downloader 5.1.0 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-343818398-583907252-842925246-500_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\PDFlite\PdfPreview.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-343818398-583907252-842925246-500_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\PDFlite\PdfFilter.dll (Simon Bünzli)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job.bak => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job.bak => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-583907252-842925246-500Core.job.bak => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-583907252-842925246-500UA.job.bak => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1461580294.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-22 01:48 - 2016-04-29 01:16 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-22 01:48 - 2016-04-29 01:16 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-29 01:17 - 2016-04-29 01:17 - 02891264 _____ () C:\Program Files\AVAST Software\Avast\defs\16042801\algo.dll
2016-04-15 16:21 - 2016-04-29 01:16 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-18 01:18 - 2016-04-29 01:16 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2014-08-17 23:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-17 23:39 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-18 00:13 - 2013-08-26 22:12 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll
2015-03-15 10:06 - 2015-12-18 01:19 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-17 23:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-22 11:52 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-12-22 11:52 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-08-17 23:39 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2012-04-23 10:54 - 2010-08-26 17:48 - 00285152 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
2012-04-23 10:54 - 2010-07-09 16:38 - 00286720 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
2008-04-14 14:41 - 2008-04-14 14:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 14:42 - 2008-04-14 14:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8 [486]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7888 more sites.



==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-04-01 00:00 - 2016-04-06 00:30 - 00451855 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 IntelAMT.intel.com127.0.0.1 www.007guard.com

There are 15502 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-343818398-583907252-842925246-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DNS7reminder => "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini"
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Vuze\Azureus.exe] => Enabled:Azureus / Vuze
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [123:UDP] => Enabled:NTP Port
StandardProfile\GloballyOpenPorts: [51001:TCP] => Enabled:Dragon Smart Phone Server
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

01-02-2016 18:25:11 System Checkpoint
04-02-2016 19:48:09 System Checkpoint
05-02-2016 20:20:47 System Checkpoint
09-02-2016 11:24:33 System Checkpoint
11-02-2016 10:52:19 Software Distribution Service 3.0
11-02-2016 14:35:33 Software Distribution Service 3.0
11-02-2016 23:53:55 Software Distribution Service 3.0
13-02-2016 12:32:38 System Checkpoint
16-02-2016 23:10:20 System Checkpoint
21-02-2016 10:20:59 Installed Windows XP Wdf01009.
23-02-2016 13:56:16 System Checkpoint
27-02-2016 22:45:53 System Checkpoint
29-02-2016 12:18:45 System Checkpoint
02-03-2016 09:07:51 System Checkpoint
03-03-2016 22:05:06 System Checkpoint
05-03-2016 09:40:35 System Checkpoint
08-03-2016 09:11:09 System Checkpoint
09-03-2016 16:30:54 System Checkpoint
10-03-2016 23:33:32 System Checkpoint
11-03-2016 02:54:32 Software Distribution Service 3.0
13-03-2016 04:00:40 Removed Nokia Connectivity Cable Driver
13-03-2016 04:03:51 Removed PC Connectivity Solution
17-03-2016 20:38:31 Software Distribution Service 3.0
23-03-2016 19:35:10 System Checkpoint
28-03-2016 15:29:29 System Checkpoint
31-03-2016 15:58:30 System Checkpoint
05-04-2016 22:42:34 System Checkpoint
09-04-2016 13:12:54 System Checkpoint
10-04-2016 20:56:47 System Checkpoint
13-04-2016 19:53:50 System Checkpoint
15-04-2016 16:25:16 Software Distribution Service 3.0
16-04-2016 03:00:56 Software Distribution Service 3.0
16-04-2016 04:24:24 Software Distribution Service 3.0
18-04-2016 16:16:58 System Checkpoint
19-04-2016 17:11:42 System Checkpoint
20-04-2016 17:35:40 System Checkpoint
21-04-2016 17:53:40 System Checkpoint
25-04-2016 15:52:10 System Checkpoint
25-04-2016 20:27:50 Installed Windows XP Wdf01009.
28-04-2016 16:23:00 System Checkpoint
29-04-2016 01:19:23 Installed Windows XP Wdf01009.

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2016 07:03:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application ytd.exe, version 5.1.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/22/2016 11:01:17 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog


System errors:
=============
Error: (04/29/2016 01:23:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (04/29/2016 01:22:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (04/29/2016 01:22:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (04/29/2016 01:22:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (04/29/2016 01:22:17 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000043HarddiskVolume1

Error: (04/28/2016 03:55:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (04/28/2016 03:55:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (04/28/2016 03:55:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (04/28/2016 03:55:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (04/28/2016 09:25:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 57%
Total physical RAM: 2031.23 MB
Available physical RAM: 856.64 MB
Total Virtual: 3924.07 MB
Available Virtual: 2644.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:586.88 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 8A0E2576)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-04-29 02:26:52
-----------------------------
02:26:52.453 OS Version: Windows 5.1.2600 Service Pack 3
02:26:52.453 Number of processors: 2 586 0xF06
02:26:52.453 ComputerName: HP-1AC38496D8C6 UserName: Administrator
02:26:54.343 Initialize success
02:26:54.343 VM: initialized successfully
02:26:54.343 VM: Intel CPU BiosDisabled
02:26:57.781 AVAST engine defs: 16042801
02:27:29.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
02:27:29.734 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
02:27:29.921 Disk 0 MBR read successfully
02:27:29.921 Disk 0 MBR scan
02:27:29.953 Disk 0 Windows XP default MBR code
02:27:29.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953868 MB offset 2048
02:27:30.000 Disk 0 default boot code
02:27:30.234 Disk 0 scanning sectors +1953523712
02:27:30.796 Disk 0 scanning C:\WINDOWS\system32\drivers
02:27:39.203 Service scanning
02:27:52.625 Modules scanning
02:27:52.687 Disk 0 trace - called modules:
02:27:52.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:27:52.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a530ab8]
02:27:52.781 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a5a69e8]
02:27:52.781 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8a54bd98]
02:27:55.406 AVAST engine scan C:\WINDOWS
02:28:01.953 AVAST engine scan C:\WINDOWS\system32
02:34:24.375 AVAST engine scan C:\WINDOWS\system32\drivers
02:35:21.562 AVAST engine scan C:\Documents and Settings\Administrator
03:01:57.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\Furbar\MBR.dat"
03:01:57.828 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\Furbar\aswMBR.txt"

Juliet
2016-04-28, 23:22
According to listed errors you might be having trouble with Keyboard and mouse ports or they need updated drivers.

Are you using SpyBot's proxy settings? Also, it appears SpyBot is having connection problems.
~~~~~~~~~~~~~~`

Please uninstall/remove
YTD Video Downloader 5.1.0 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION

~~~~~~~~~~~~~~~~~~`

Running from C:\Documents and Settings\Administrator\Desktop\Furbar

It's best we move Farbar's to desktop.

Please go to your C:\Documents and Settings\Administrator\Desktop\Furbar, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad or any text editor other than Notepad, or the script will fail.* Then copy and paste the text inside the quote box below:
To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {9DE01FD3-7964-4314-A72C-720A0613A71A} URL = hxxps://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {AE37FC0C-DACD-4948-833C-541422D9ED26} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-343818398-583907252-842925246-500 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403596507&from=epom&uid=SAMSUNGXHD103SI_S1VSJ90Z801931
CHR HKLM\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx <not found>
CHR HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
S4 IntelIde; no ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8 [486]
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

http://i.imgur.com/BY4dvz9.png [b]AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.




======================================================



Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

Strato1
2016-05-02, 05:52
Thank you for your quick response and support. I have been away for work and have not had time to perform your suggested procedure yet. I intend to get this done by tomorrow and will post you the results.

Kind regards and many thanks for your help so far.

Strato1
2016-05-02, 06:53
Hi. I have now completed all the steps you have outlined for me. Report logs are attached.

Fix result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
Ran by Administrator (2016-05-02 13:07:18) Run:3
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {9DE01FD3-7964-4314-A72C-720A0613A71A} URL = hxxps://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {AE37FC0C-DACD-4948-833C-541422D9ED26} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms}
SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-343818398-583907252-842925246-500 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403596507&from=epom&uid=SAMSUNGXHD103SI_S1VSJ90Z801931
CHR HKLM\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx <not found>
CHR HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
S4 IntelIde; no ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8 [486]
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"C:\PROGRA~1\SupTab\SEARCH~1.DLL" => Value data not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9DE01FD3-7964-4314-A72C-720A0613A71A} => key not found.
HKCR\CLSID\{9DE01FD3-7964-4314-A72C-720A0613A71A} => key not found.
HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE37FC0C-DACD-4948-833C-541422D9ED26} => key not found.
HKCR\CLSID\{AE37FC0C-DACD-4948-833C-541422D9ED26} => key not found.
HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-343818398-583907252-842925246-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKCR\PROTOCOLS\Handler\livecall => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKCR\PROTOCOLS\Handler\msnim => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => key not found.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\bkpdbnikbinamgnlpdocdofjnoplcpji => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma => key not found.
HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Google\Chrome\Extensions\bkpdbnikbinamgnlpdocdofjnoplcpji => key not found.
IntelIde => service not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":0FF263E8" ADS not found.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

The following command was not found: int ipv4 reset.

========= End of CMD: =========


========= netsh int ipv6 reset =========

IPv6 is not installed.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 647.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:07:55 ====


# AdwCleaner v5.115 - Logfile created 02/05/2016 at 13:27:58
# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Administrator - HP-1AC38496D8C6
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browse2Save
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\IePluginServices
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\RightClick
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\WindowsProtectManger
[#] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browse2save
[-] Folder Deleted : C:\Program Files\GreenTree Applications
[-] Folder Deleted : C:\Program Files\SearchProtect

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281024
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\SearchProtect
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\madFlac
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\supWindowsProtectManger
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsProtectManger

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4186 bytes] - [02/05/2016 13:27:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [4472 bytes] - [02/05/2016 13:15:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4332 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Administrator) on Mon 02/05/2016 at 13:38:59.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2KZ81YE0 (Temporary Internet Files Folder)
Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J20EBXEG (Temporary Internet Files Folder)
Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JLNQ0TNU (Temporary Internet Files Folder)
Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XD8VPX2H (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\nico mak computing (Folder)
Successfully deleted: C:\user.js (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2KZ81YE0 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\J20EBXEG (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JLNQ0TNU (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XD8VPX2H (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/05/2016 at 13:41:35.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
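
As a triage aid for the Fixlog posted above, this added example (not part of the original posts and not FRST's own code) separates fixlist entries that actually changed the system from those that were already absent. The outcome keywords are assumed from the result lines visible in this thread, and the sample is a shortened excerpt of that log.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted in this thread (Run:3).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => No File
CMD: ipconfig /flushdns
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"C:\PROGRA~1\SupTab\SEARCH~1.DLL" => Value data not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
IntelIde => service not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":0FF263E8" ADS not found.

========= ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 647.2 MB temporary data Removed.

==== End of Fixlog 13:07:55 ====
"""

STAR_LINE = re.compile(r"^\*{5,}$")                   # delimits the echoed fixlist
CMD_END = re.compile(r"^={6,} End of CMD: ={6,}$")    # closes a CMD: output section
CMD_START = re.compile(r"^={6,} .+ ={6,}$")           # opens a CMD: output section
CHANGED = {"restored", "moved", "removed"}            # outcomes that altered the system


def classify(outcome):
    """Map a result string to a coarse outcome (keywords assumed from this thread's log)."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"        # target was already gone, so nothing changed
    if "restored successfully" in text:
        return "restored"
    if "moved successfully" in text:
        return "moved"
    if "removed" in text or "deleted" in text:
        return "removed"
    return "other"


def parse_fixlog(text):
    """Return (target, outcome, kind) for each 'target => outcome' result line.

    The echoed fixlist is skipped because its own lines also contain ' => '
    (for example '=> No File'), and raw CMD: output sections are skipped too.
    Result lines without ' => ' (such as 'Hosts restored successfully.') are ignored.
    """
    entries = []
    expect_open = in_fixlist = in_cmd = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==== End of Fixlog"):
            break
        if line.lower().startswith("fixlist content"):
            expect_open = True
            continue
        if STAR_LINE.match(line):
            # First star line after the header opens the fixlist, the next closes it.
            in_fixlist, expect_open = expect_open, False
            continue
        if CMD_END.match(line):
            in_cmd = False
            continue
        if CMD_START.match(line):
            in_cmd = True
            continue
        if in_fixlist or in_cmd or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        entries.append((target, outcome, classify(outcome)))
    return entries


def summarize(entries):
    """Count outcomes and list the targets that were actually changed."""
    counts = Counter(kind for _, _, kind in entries)
    changed = [target for target, _, kind in entries if kind in CHANGED]
    return counts, changed


if __name__ == "__main__":
    counts, changed = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts))
    for target in changed:
        print("changed:", target)
```
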

Juliet
2016-05-02, 12:11
Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.




Also, can you tell me what the computer is doing now?

Strato1
2016-05-02, 13:38
Next lot of procedures are done. Results below.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/05/2016
Scan Time: 7:41:31 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.02.01
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302553
Time Elapsed: 16 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SearchProtect.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CLTMNGSVC, Quarantined, [59c05c75c8d1fe3817a1059727dded13],
PUP.Optional.IEPluginServices, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [c45500d13366d264690fed4e6f9504fc],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.InstallCore, C:\Documents and Settings\Administrator\My Documents\Downloads\Unconfirmed 868099.crdownload, Quarantined, [d04922aff8a1c175b65416d1946df709],
PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\My Documents\Downloads\wzdrvupdt.exe, Quarantined, [30e92ba6257459ddee0dc59f7a8b9f61],
PUP.Optional.InstallCore, C:\Documents and Settings\Administrator\My Documents\Downloads\installer.exe, Quarantined, [bc5da62bb8e176c0cd3d2fb82cd50ff1],
PUP.Optional.InstallCore, C:\Documents and Settings\Administrator\My Documents\Downloads\setup-pdflite-2.exe, Quarantined, [15048849d3c6cb6b44239ad7e1200ef2],
PUP.Optional.SofTonic, C:\Documents and Settings\Administrator\My Documents\Downloads\SoftonicDownloader_for_lyrics-plugin-for-windows-media-player.exe, Quarantined, [c8510cc5a5f40b2b989fdd7846bb1ce4],

Physical Sectors: 0
(No malicious items detected)


(end)

Strato1
2016-05-02, 13:48
Hi. Immunization & system scan still not working correctly.

Juliet
2016-05-02, 20:31
> Hi. Immunization & system scan still not working correctly.

After we see the machine is clear and free of malware I'll send you to another forum here that helps with SpyBot.

How is the computer now?


What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://i.imgur.com/KN1w2nv.png and click http://i.imgur.com/SzOC1p0.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Strato1
2016-05-03, 05:50
Hi. Thanks for your continued support.

The computer is functioning stably and maybe a touch faster now. So far, everything is still working properly as far as I can tell.

Have completed the Eset instructions given. Results below.


C:\AdwCleaner\FileQuarantine\C\Documents and Settings\All Users\Application Data\Browse2Save\511a40fd9ca2b.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.7.0_45\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\Downloads\av-sync.exe Win32/InstallMonetizer.AF potentially unwanted application
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BarowwsoeSave4.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm

Juliet
2016-05-03, 12:34
> The computer is functioning stably and maybe a touch faster now

Good deal.

A few items are already held in quarantine so we'll leave those alone.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.7.0_45\java_sp.dll
C:\Documents and Settings\Administrator\My Documents\Downloads\av-sync.exe
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~

Please go to Start > Control Panel > Programs and Features > uninstall all the Java programs you see. Next we'll download the latest Java from the following link and install it:

Java
----------
Install Java:

Please go here to install Java (http://www.java.com/en/)

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

See this page (http://www.java.com/en/download/help/5000020300.xml) for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked


Downloaded Applets
Downloaded Applications
Installed Applications and Applets


Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

----------

Important information regarding Windows XP
https://forums.whatthetech.com/index.php?showtopic=127901


~~~~~~~~~~~~~~~~~

Tell me what issues remain.

Strato1
2016-05-03, 14:19
All procedures completed. Could not open the information link for XP you provided at bottom of message. Error message came up: This site can’t provide a secure connection.

PC still seems to be working fine. Same symptoms for functioning of Spybot as previous. Thank you!

Fix result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
Ran by Administrator (2016-05-03 20:51:58) Run:4
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal


==============================================


fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.7.0_45\java_sp.dll
C:\Documents and Settings\Administrator\My Documents\Downloads\av-sync.exe
EmptyTemp:
End
*****************


Restore point was successfully created.
Processes closed successfully.
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.7.0_45\java_sp.dll => moved successfully
C:\Documents and Settings\Administrator\My Documents\Downloads\av-sync.exe => moved successfully
EmptyTemp: => 64.8 MB temporary data Removed.




The system needed a reboot.


==== End of Fixlog 20:52:36 ====

Juliet
2016-05-03, 15:26
Don't know what's up with that; it opened fine for me.

Try this link.

Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)


I think you're good to go

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Strato1
2016-05-03, 16:41
Ok. Thanks for your help with all that.

My issue with Spybot still remains. How do I get that working properly again?

Juliet
2016-05-04, 00:17
> Ok. Thanks for your help with all that.
>
> My issue with Spybot still remains. How do I get that working properly again?

From here what we need to do:

Please go here to the Spybot forum to start a new topic:
https://forums.spybot.info/forumdisplay.php?4-Spybot

No logs needed but you can post a link to this topic where I have helped you.

Juliet
2016-05-06, 17:01
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.