
Thread: Spybot will not scan anymore. Help requested.

  1. #1
    Junior Member, Join Date: Apr 2016, Posts: 8

    Hi. My registered version of Spybot has just recently started acting up. The scan button has become an inactive icon with 3 dots instead of 'scan' on it. So I can't run any scans. It also says I haven't run a scan for over 50 days, which is not correct. Would be more like 10 - 15 days ago. Additionally, updating sometimes takes a few goes before saying it's successful, and the Immunization progress bar has disappeared. I have read the Malware removal thread and generated the reports as instructed. Please help!

    Results are copied below:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-04-2016
    Ran by Administrator (administrator) on HP-1AC38496D8C6 (29-04-2016 02:03:37)
    Running from C:\Documents and Settings\Administrator\Desktop\Furbar
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
    (Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    (Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Intel) C:\Program Files\Intel\AMT\LMS.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-07-09] (Nero AG)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16871936 2008-06-14] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [404288 2007-01-10] (Intel Corporation)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-04-29] (AVAST Software)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-343818398-583907252-842925246-500\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
    HKU\S-1-5-21-343818398-583907252-842925246-500\...\Run: [ISUSPM] => C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [222496 2010-11-17] (Acresso Corporation)
    HKU\S-1-5-21-343818398-583907252-842925246-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-16] (Piriform Ltd)
    HKU\S-1-5-21-343818398-583907252-842925246-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-343818398-583907252-842925246-500\...\MountPoints2: {3c23e4cf-2530-11e1-854d-806d6172696f} - D:\AutoRun.exe
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
    AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => No File
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-04-29] (AVAST Software)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2012-04-03]
    ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-343818398-583907252-842925246-500] => Proxy is enabled.
    ProxyServer: [S-1-5-21-343818398-583907252-842925246-500] => localhost:21320
    AutoConfigURL: [S-1-5-21-343818398-583907252-842925246-500] => localhost:21320
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    Tcpip\..\Interfaces\{B4C60E7B-3E45-4949-BEDB-E5F8F136E2C9}: [DhcpNameServer] 10.0.0.138

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-343818398-583907252-842925246-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
    HKU\S-1-5-21-343818398-583907252-842925246-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/?gws_rd=ssl
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {9DE01FD3-7964-4314-A72C-720A0613A71A} URL = hxxps://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {AE37FC0C-DACD-4948-833C-541422D9ED26} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-25] (AVAST Software)
    BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-343818398-583907252-842925246-500 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/WCLWeb/cabs/HPISDataManager.CAB
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
    DPF: {A487136E-913C-11D7-B6F7-0002B310AC06} hxxp://usqwcprod.netspot.com.au/util/HZLA1010.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403596507&from=epom&uid=SAMSUNGXHD103SI_S1VSJ90Z801931

    FireFox:
    ========
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll [2014-02-27] (Simon Bünzli)
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-22] (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-05] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-29]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-29]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.google.com.au/
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-28]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-28]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-28]
    CHR HKLM\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
    CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
    CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-25]
    CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx <not found>
    CHR HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [183112 2007-01-10] (Intel Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-29] (AVAST Software)
    R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-11-16] (Nuance Communications, Inc.)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-02-25] (Hewlett-Packard Company) [File not signed]
    R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [98304 2006-12-06] (Intel) [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-04-29] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-04-29] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-04-29] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-04-29] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-04-29] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-04-29] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-04-29] (AVAST Software)
    R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-04-29] (AVAST Software)
    S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-04-29] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221368 2016-04-29] (AVAST Software)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
    S3 HPx9G+; C:\WINDOWS\System32\DRIVERS\HPx9G2k.sys [25528 2009-11-13] (Hewlett Packard Development LLC)
    R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG)
    S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-05-23] (Intel Corporation )
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    S4 IntelIde; no ImagePath
    S3 JL2005C; System32\Drivers\jl2005c.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
    U1 WS2IFSL; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-29 02:03 - 2016-04-29 02:03 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Furbar
    2016-04-29 01:56 - 2016-04-29 02:03 - 00000000 ____D C:\FRST
    2016-04-29 01:50 - 2016-04-29 01:50 - 00000000 ____D C:\RegBackup
    2016-04-29 01:49 - 2016-04-29 01:50 - 00017482 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-04-29 01:49 - 2016-04-29 01:49 - 00001876 _____ C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
    2016-04-29 01:49 - 2016-04-29 01:49 - 00000000 ____D C:\Program Files\Tweaking.com
    2016-04-29 01:49 - 2016-04-29 01:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    2016-04-29 01:19 - 2016-04-29 01:19 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Pro Antivirus.lnk
    2016-04-29 01:19 - 2016-04-29 01:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    2016-04-29 01:16 - 2016-04-29 01:16 - 00334280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-04-29 01:16 - 2016-04-29 01:16 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-04-28 11:13 - 2016-04-28 11:13 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
    2016-04-25 20:31 - 2016-04-29 01:22 - 00000474 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1461580294.job
    2016-04-25 20:31 - 2016-04-25 20:31 - 00000756 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-04-25 20:31 - 2016-04-25 20:31 - 00000756 _____ C:\Documents and Settings\All Users\Desktop\Avast SafeZone Browser.lnk
    2016-04-06 00:30 - 2016-03-25 22:38 - 00451567 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160406-003044.backup

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-29 02:04 - 2010-03-26 09:45 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
    2016-04-29 01:33 - 2014-08-17 23:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2016-04-29 01:27 - 2014-04-17 14:01 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
    2016-04-29 01:23 - 2014-08-17 23:39 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2016-04-29 01:23 - 2003-04-01 00:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2016-04-29 01:22 - 2015-08-29 10:47 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-29 01:22 - 2014-03-29 15:01 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2016-04-29 01:22 - 2010-03-26 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-04-29 01:18 - 2010-03-26 01:27 - 00000000 ___HD C:\WINDOWS\inf
    2016-04-29 01:16 - 2016-03-23 18:23 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2016-04-29 01:16 - 2015-07-29 12:03 - 00187208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
    2016-04-29 01:16 - 2014-05-11 10:38 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-04-29 01:16 - 2014-04-17 14:01 - 00815792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2016-04-29 01:16 - 2014-04-17 14:01 - 00449640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2016-04-29 01:16 - 2014-04-17 14:01 - 00221368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2016-04-29 01:16 - 2014-04-17 14:01 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-04-29 01:16 - 2014-04-17 14:01 - 00067216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2016-04-29 01:16 - 2014-04-17 14:01 - 00064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2016-04-29 01:16 - 2014-04-17 14:01 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-04-29 01:15 - 2012-03-05 19:41 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Outlook Files
    2016-04-29 01:12 - 2012-03-13 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
    2016-04-29 01:09 - 2015-08-29 10:47 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-04-29 01:09 - 2010-03-26 09:45 - 00032574 _____ C:\WINDOWS\SchedLgU.Txt
    2016-04-28 21:29 - 2016-03-13 04:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Azureus
    2016-04-28 21:29 - 2010-03-26 09:45 - 00000000 ____D C:\Documents and Settings\Administrator
    2016-04-28 14:48 - 2012-02-13 10:12 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
    2016-04-28 14:48 - 2010-03-26 09:45 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2016-04-28 11:13 - 2012-03-06 18:55 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
    2016-04-28 11:12 - 2012-03-06 18:55 - 00000000 ____D C:\Program Files\Google
    2016-04-28 10:55 - 2012-04-06 00:43 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Vuze Downloads
    2016-04-28 10:43 - 2014-11-15 11:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Azureus
    2016-04-28 10:39 - 2010-03-26 01:27 - 00000000 ____D C:\WINDOWS\Network Diagnostic
    2016-04-28 10:20 - 2012-03-05 19:26 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCleaner Backups
    2016-04-28 10:19 - 2012-02-13 10:08 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2016-04-25 22:47 - 2012-07-09 09:02 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2016-04-25 22:24 - 2014-06-25 17:49 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2016-04-25 19:43 - 2010-03-26 09:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
    2016-04-25 19:42 - 2012-11-29 20:59 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Paint.NET
    2016-04-25 19:37 - 2010-03-26 09:37 - 00000000 ____D C:\WINDOWS\Registration
    2016-04-25 14:06 - 2014-04-18 19:45 - 00000000 ____D C:\Program Files\7-Zip
    2016-04-25 14:06 - 2014-04-18 19:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    2016-04-21 11:13 - 2012-03-06 10:33 - 00137728 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-04-16 04:26 - 2012-02-13 10:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2016-04-16 03:03 - 2012-02-13 10:12 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-04-13 19:33 - 2012-03-05 19:29 - 00000000 ____D C:\BBasics1
    2016-04-13 19:33 - 2012-03-05 19:27 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\MYOB Backup
    2016-04-13 19:30 - 2012-03-05 19:29 - 00000181 _____ C:\WINDOWS\MYOBP.INI
    2016-04-13 19:30 - 2012-03-05 19:29 - 00000041 _____ C:\WINDOWS\MYOB.INI
    2016-04-11 10:47 - 2012-03-13 15:55 - 00001514 _____ C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
    2016-04-11 10:46 - 2012-03-13 14:34 - 00002539 _____ C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.0.lnk
    2016-04-06 00:30 - 2014-08-17 23:39 - 00000618 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job

    ==================== Files in the root of some directories =======

    2016-03-13 03:55 - 2016-03-13 03:56 - 0000000 _____ () C:\Program Files\TempWmicBatchFile.bat
    2013-01-15 19:27 - 2013-01-15 19:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
    2012-08-12 03:15 - 2012-08-12 11:09 - 0000607 _____ () C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
    2012-07-27 11:12 - 2013-11-24 16:47 - 0000042 _____ () C:\Documents and Settings\Administrator\Application Data\default.pls
    2012-03-13 15:55 - 2016-04-11 10:47 - 0001514 _____ () C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
    2015-10-21 16:09 - 2015-10-21 16:09 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
    2012-03-06 10:33 - 2016-04-21 11:13 - 0137728 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\setup.txt

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
    Ran by Administrator (2016-04-29 02:04:47)
    Running from C:\Documents and Settings\Administrator\Desktop\Furbar
    Microsoft Windows XP Professional Service Pack 3 (X86) (2010-03-25 23:42:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-343818398-583907252-842925246-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Guest (S-1-5-21-343818398-583907252-842925246-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-343818398-583907252-842925246-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-343818398-583907252-842925246-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (HKLM\...\{23170F69-40C1-2701-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
    Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems)
    Any Video Converter 5.9.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Avast Pro Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
    BigPond Broadband ADSL (HKLM\...\{2A36014E-DF1D-4840-A209-3185B17BFC71}) (Version: 11.0 - BigPond)
    CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
    DivXLand Bitrate Calculator (HKLM\...\DivXLand Bitrate Calculator) (Version: - )
    Dragon NaturallySpeaking 11 (HKLM\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
    DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
    Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden
    Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 4.30 - Philipp Winterberg)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Product Detection (HKLM\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
    HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.4 - Hewlett-Packard)
    HP48g,49g,50g series Calculator Connectivity Kit (HKLM\...\HP48g,49g,50g series Calculator Connectivity Kit) (Version: 2.3 Build 2439 - Hewlett-Packard)
    Inkscape 0.48.2 (HKLM\...\Inkscape) (Version: 0.48.2 - )
    Intel(R) Active Management Technology LMS Service and SOL Driver (HKLM\...\MESOL) (Version: - )
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
    Intel(R) Network Connections 13.1.33.0 (HKLM\...\{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}) (Version: 13.1.33.0 - Intel)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
    K-Lite Codec Pack 8.4.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
    LightScribe System Software (HKLM\...\{8BA510D1-045B-4E1A-AF52-2282BBF69D5D}) (Version: 1.18.2.1 - LightScribe)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MYOB BusinessBasics v1 (HKLM\...\InstallShield_{A06176AF-7494-4B29-BE74-F01323AD3233}) (Version: 1 - MYOB Technology Pty Ltd)
    MYOB BusinessBasics v1 (Version: 1 - MYOB Technology Pty Ltd) Hidden
    Nero 8 Essentials (HKLM\...\{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}) (Version: 8.3.569 - Nero AG)
    NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
    Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
    PDFlite 2.0.0.0 (HKLM\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5645 - Realtek Semiconductor Corp.)
    SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    System Requirements Lab for Intel (HKLM\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
    VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
    Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.1.0 - Azureus Software, Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131) (HKLM\...\8ABEA6D4578549FADD34471076DFC5C22976C6D9) (Version: 09/23/2008 3.0.0.131 - Atheros)
    Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7) (HKLM\...\EDE780BB5DCF2C3476C105BAE4CC1175516E9173) (Version: 02/22/2005 3.1.1.7 - NETGEAR)
    Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007) (HKLM\...\0D5BC5DD5940677F9B5623C12951388F5EF72436) (Version: 02/07/2007 5.1283.0207.2007 - NETGEAR Inc.)
    Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3) (HKLM\...\84261EAEDFA5240ACFFEDFB145134E295B649795) (Version: 02/16/2004 1.0.0.3 - Thomson)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version: - )
    YTD Video Downloader 5.1.0 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-343818398-583907252-842925246-500_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\PDFlite\PdfPreview.dll (Simon Bünzli)
    CustomCLSID: HKU\S-1-5-21-343818398-583907252-842925246-500_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\PDFlite\PdfFilter.dll (Simon Bünzli)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job.bak => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job.bak => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-583907252-842925246-500Core.job.bak => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-583907252-842925246-500UA.job.bak => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1461580294.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-03-22 01:48 - 2016-04-29 01:16 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-03-22 01:48 - 2016-04-29 01:16 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-04-29 01:17 - 2016-04-29 01:17 - 02891264 _____ () C:\Program Files\AVAST Software\Avast\defs\16042801\algo.dll
    2016-04-15 16:21 - 2016-04-29 01:16 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-12-18 01:18 - 2016-04-29 01:16 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2014-08-17 23:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-08-17 23:39 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-09-18 00:13 - 2013-08-26 22:12 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll
    2015-03-15 10:06 - 2015-12-18 01:19 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-17 23:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-12-22 11:52 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-12-22 11:52 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2014-08-17 23:39 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2012-04-23 10:54 - 2010-08-26 17:48 - 00285152 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    2012-04-23 10:54 - 2010-07-09 16:38 - 00286720 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
    2008-04-14 14:41 - 2008-04-14 14:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 14:42 - 2008-04-14 14:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8 [486]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7888 more sites.


    There are 7888 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2003-04-01 00:00 - 2016-04-06 00:30 - 00451855 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 IntelAMT.intel.com127.0.0.1 www.007guard.com

    There are 15502 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-343818398-583907252-842925246-500\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 10.0.0.138
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: DNS7reminder => "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini"
    MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
    StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Vuze\Azureus.exe] => Enabled:Azureus / Vuze
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [123:UDP] => Enabled:NTP Port
    StandardProfile\GloballyOpenPorts: [51001:TCP] => Enabled:Dragon Smart Phone Server
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ==================== Restore Points =========================

    01-02-2016 18:25:11 System Checkpoint
    04-02-2016 19:48:09 System Checkpoint
    05-02-2016 20:20:47 System Checkpoint
    09-02-2016 11:24:33 System Checkpoint
    11-02-2016 10:52:19 Software Distribution Service 3.0
    11-02-2016 14:35:33 Software Distribution Service 3.0
    11-02-2016 23:53:55 Software Distribution Service 3.0
    13-02-2016 12:32:38 System Checkpoint
    16-02-2016 23:10:20 System Checkpoint
    21-02-2016 10:20:59 Installed Windows XP Wdf01009.
    23-02-2016 13:56:16 System Checkpoint
    27-02-2016 22:45:53 System Checkpoint
    29-02-2016 12:18:45 System Checkpoint
    02-03-2016 09:07:51 System Checkpoint
    03-03-2016 22:05:06 System Checkpoint
    05-03-2016 09:40:35 System Checkpoint
    08-03-2016 09:11:09 System Checkpoint
    09-03-2016 16:30:54 System Checkpoint
    10-03-2016 23:33:32 System Checkpoint
    11-03-2016 02:54:32 Software Distribution Service 3.0
    13-03-2016 04:00:40 Removed Nokia Connectivity Cable Driver
    13-03-2016 04:03:51 Removed PC Connectivity Solution
    17-03-2016 20:38:31 Software Distribution Service 3.0
    23-03-2016 19:35:10 System Checkpoint
    28-03-2016 15:29:29 System Checkpoint
    31-03-2016 15:58:30 System Checkpoint
    05-04-2016 22:42:34 System Checkpoint
    09-04-2016 13:12:54 System Checkpoint
    10-04-2016 20:56:47 System Checkpoint
    13-04-2016 19:53:50 System Checkpoint
    15-04-2016 16:25:16 Software Distribution Service 3.0
    16-04-2016 03:00:56 Software Distribution Service 3.0
    16-04-2016 04:24:24 Software Distribution Service 3.0
    18-04-2016 16:16:58 System Checkpoint
    19-04-2016 17:11:42 System Checkpoint
    20-04-2016 17:35:40 System Checkpoint
    21-04-2016 17:53:40 System Checkpoint
    25-04-2016 15:52:10 System Checkpoint
    25-04-2016 20:27:50 Installed Windows XP Wdf01009.
    28-04-2016 16:23:00 System Checkpoint
    29-04-2016 01:19:23 Installed Windows XP Wdf01009.

    ==================== Faulty Device Manager Devices =============

    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/22/2016 07:03:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application ytd.exe, version 5.1.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/22/2016 11:01:17 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
    Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

    Context: Application, SystemIndex Catalog


    System errors:
    =============
    Error: (04/29/2016 01:23:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    i8042prt

    Error: (04/29/2016 01:22:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (04/29/2016 01:22:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (04/29/2016 01:22:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Parallel port driver service failed to start due to the following error:
    %%1058

    Error: (04/29/2016 01:22:17 AM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000043HarddiskVolume1

    Error: (04/28/2016 03:55:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    i8042prt

    Error: (04/28/2016 03:55:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (04/28/2016 03:55:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (04/28/2016 03:55:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Parallel port driver service failed to start due to the following error:
    %%1058

    Error: (04/28/2016 09:25:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    i8042prt


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    Percentage of memory in use: 57%
    Total physical RAM: 2031.23 MB
    Available physical RAM: 856.64 MB
    Total Virtual: 3924.07 MB
    Available Virtual: 2644.36 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.51 GB) (Free:586.88 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 8A0E2576)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-04-29 02:26:52
    -----------------------------
    02:26:52.453 OS Version: Windows 5.1.2600 Service Pack 3
    02:26:52.453 Number of processors: 2 586 0xF06
    02:26:52.453 ComputerName: HP-1AC38496D8C6 UserName: Administrator
    02:26:54.343 Initialize success
    02:26:54.343 VM: initialized successfully
    02:26:54.343 VM: Intel CPU BiosDisabled
    02:26:57.781 AVAST engine defs: 16042801
    02:27:29.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
    02:27:29.734 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
    02:27:29.921 Disk 0 MBR read successfully
    02:27:29.921 Disk 0 MBR scan
    02:27:29.953 Disk 0 Windows XP default MBR code
    02:27:29.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953868 MB offset 2048
    02:27:30.000 Disk 0 default boot code
    02:27:30.234 Disk 0 scanning sectors +1953523712
    02:27:30.796 Disk 0 scanning C:\WINDOWS\system32\drivers
    02:27:39.203 Service scanning
    02:27:52.625 Modules scanning
    02:27:52.687 Disk 0 trace - called modules:
    02:27:52.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    02:27:52.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a530ab8]
    02:27:52.781 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a5a69e8]
    02:27:52.781 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8a54bd98]
    02:27:55.406 AVAST engine scan C:\WINDOWS
    02:28:01.953 AVAST engine scan C:\WINDOWS\system32
    02:34:24.375 AVAST engine scan C:\WINDOWS\system32\drivers
    02:35:21.562 AVAST engine scan C:\Documents and Settings\Administrator
    03:01:57.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\Furbar\MBR.dat"
    03:01:57.828 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\Furbar\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    According to the listed errors, you might be having trouble with the keyboard and mouse ports, or they need updated drivers.

    Are you using SpyBot's proxy settings? Also, it appears SpyBot is having connection problems.
    ~~~~~~~~~~~~~~`

    Please uninstall/remove
    YTD Video Downloader 5.1.0 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION

    ~~~~~~~~~~~~~~~~~~`

    Running from C:\Documents and Settings\Administrator\Desktop\Furbar

    It's best we move Farbar's to the desktop.

    Please go to your C:\Documents and Settings\Administrator\Desktop\Furbar, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {9DE01FD3-7964-4314-A72C-720A0613A71A} URL = hxxps://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {AE37FC0C-DACD-4948-833C-541422D9ED26} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-343818398-583907252-842925246-500 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403596507&from=epom&uid=SAMSUNGXHD103SI_S1VSJ90Z801931
    CHR HKLM\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
    CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
    CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
    CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx <not found>
    CHR HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
    S4 IntelIde; no ImagePath
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8 [486]
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    Hosts:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.




    ======================================================



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~
    please post
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Apr 2016
    Posts
    8

    Thank you for your quick response and support. I have been away for work and have not had time to perform your suggested procedure yet. I intend to get this done by tomorrow and will post you the results.

    Kind regards and many thanks for your help so far.

  4. #4
    Junior Member
    Join Date
    Apr 2016
    Posts
    8

    Suggested steps taken

    Hi. I have now completed all the steps you have outlined for me. Report logs are attached.

    Fix result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
    Ran by Administrator (2016-05-02 13:07:18) Run:3
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {9DE01FD3-7964-4314-A72C-720A0613A71A} URL = hxxps://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {AE37FC0C-DACD-4948-833C-541422D9ED26} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-343818398-583907252-842925246-500 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-343818398-583907252-842925246-500 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403596507&from=epom&uid=SAMSUNGXHD103SI_S1VSJ90Z801931
    CHR HKLM\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
    CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
    CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
    CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx <not found>
    CHR HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bkpdbnikbinamgnlpdocdofjnoplcpji] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bkpdbnikbinamgnlpdocdofjnoplcpji.crx <not found>
    S4 IntelIde; no ImagePath
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8 [486]
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
    "C:\PROGRA~1\SupTab\SEARCH~1.DLL" => Value data not found.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
    HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9DE01FD3-7964-4314-A72C-720A0613A71A} => key not found.
    HKCR\CLSID\{9DE01FD3-7964-4314-A72C-720A0613A71A} => key not found.
    HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE37FC0C-DACD-4948-833C-541422D9ED26} => key not found.
    HKCR\CLSID\{AE37FC0C-DACD-4948-833C-541422D9ED26} => key not found.
    HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
    HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
    HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
    HKU\S-1-5-21-343818398-583907252-842925246-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
    HKCR\PROTOCOLS\Handler\livecall => key not found.
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    HKCR\PROTOCOLS\Handler\msnim => key not found.
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    HKCR\PROTOCOLS\Handler\skype-ie-addon-data => key not found.
    HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
    HKLM\SOFTWARE\Google\Chrome\Extensions\bkpdbnikbinamgnlpdocdofjnoplcpji => key not found.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf => key not found.
    HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh => key not found.
    HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma => key not found.
    HKU\S-1-5-21-343818398-583907252-842925246-500\SOFTWARE\Google\Chrome\Extensions\bkpdbnikbinamgnlpdocdofjnoplcpji => key not found.
    IntelIde => service not found.
    "C:\Documents and Settings\All Users\Application Data\TEMP" => ":0FF263E8" ADS not found.

    ========= ipconfig /flushdns =========



    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the machine in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    The following command was not found: int ipv4 reset.

    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    IPv6 is not installed.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========

    'bitsadmin' is not recognized as an internal or external command,
    operable program or batch file.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 647.2 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 13:07:55 ====


    # AdwCleaner v5.115 - Logfile created 02/05/2016 at 13:27:58
    # Updated 01/05/2016 by Xplode
    # Database : 2016-05-01.2 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (X86)
    # Username : Administrator - HP-1AC38496D8C6
    # Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browse2Save
    [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\IePluginServices
    [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\RightClick
    [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\WindowsProtectManger
    [#] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browse2save
    [-] Folder Deleted : C:\Program Files\GreenTree Applications
    [-] Folder Deleted : C:\Program Files\SearchProtect

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281024
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\SearchProtect
    [-] Key Deleted : HKCU\Software\Softonic
    [-] Key Deleted : HKCU\Software\YahooPartnerToolbar
    [-] Key Deleted : HKCU\Software\madFlac
    [-] Key Deleted : HKLM\SOFTWARE\Conduit
    [-] Key Deleted : HKLM\SOFTWARE\SearchProtect
    [-] Key Deleted : HKLM\SOFTWARE\supWindowsProtectManger
    [-] Key Deleted : HKLM\SOFTWARE\systweak
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsProtectManger

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [4186 bytes] - [02/05/2016 13:27:58]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4472 bytes] - [02/05/2016 13:15:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4332 bytes] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Microsoft Windows XP x86
    Ran by Administrator (Administrator) on Mon 02/05/2016 at 13:38:59.51
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 11

    Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2KZ81YE0 (Temporary Internet Files Folder)
    Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J20EBXEG (Temporary Internet Files Folder)
    Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JLNQ0TNU (Temporary Internet Files Folder)
    Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XD8VPX2H (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\Administrator\Application Data\nico mak computing (Folder)
    Successfully deleted: C:\user.js (File)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2KZ81YE0 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\J20EBXEG (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JLNQ0TNU (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XD8VPX2H (Temporary Internet Files Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 02/05/2016 at 13:41:35.50
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
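
Reading the Fixlog.txt posted above comes down to separating the entries FRST actually changed from those that were already gone, and spotting `CMD:` lines that did nothing on this XP machine. The Python below is an added example, not part of the thread or of FRST; the outcome keywords and failure phrases are assumptions taken from the wording of this particular log, and the sample is an abridged excerpt of it.

```python
import re
from collections import Counter

# Abridged excerpt of the Fixlog.txt posted in this thread, embedded so the
# example runs offline (indentation removed, text otherwise unchanged).
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"C:\PROGRA~1\SupTab\SEARCH~1.DLL" => Value data not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKCR\PROTOCOLS\Handler\livecall => key not found.
IntelIde => service not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":0FF263E8" ADS not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

The following command was not found: int ipv4 reset.

========= End of CMD: =========

========= netsh int ipv6 reset =========

IPv6 is not installed.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 647.2 MB temporary data Removed.
"""

# Section headers look like "========= <command> =========".
HEADER = re.compile(r"^=+ (.+?) =+$")

# Assumption: these phrases mirror this log's wording; they are not taken
# from any FRST specification.
ABSENT_WORDS = ("not found",)
CHANGED_WORDS = ("restored successfully", "moved successfully", "removed")
CMD_FAILURE_WORDS = ("was not found", "is not recognized", "is not installed")


def classify(outcome):
    """Label a '=> outcome' string as absent (nothing to fix), changed, or other."""
    text = outcome.lower()
    if any(word in text for word in ABSENT_WORDS):
        return "absent"
    if any(word in text for word in CHANGED_WORDS):
        return "changed"
    return "other"


def parse_fixlog(text):
    """Return (entries, commands) parsed from Fixlog text."""
    entries, commands, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            if name.startswith("End of"):      # closes a CMD section
                if current is not None:
                    commands.append(current)
                current = None
            else:                              # opens a CMD section
                current = {"command": name, "output": []}
            continue
        if current is not None:                # inside a CMD section
            if line:
                current["output"].append(line)
            continue
        if " => " in line:                     # "<target> => <outcome>"
            target, outcome = line.split(" => ", 1)
            entries.append({"target": target, "outcome": outcome,
                            "class": classify(outcome)})
    for cmd in commands:
        joined = " ".join(cmd["output"]).lower()
        cmd["ok"] = not any(word in joined for word in CMD_FAILURE_WORDS)
    return entries, commands


def summarize(text):
    """Condense a Fixlog into outcome counts, changed targets and failed commands."""
    entries, commands = parse_fixlog(text)
    return {
        "outcomes": dict(Counter(e["class"] for e in entries)),
        "changed": [e["target"] for e in entries if e["class"] == "changed"],
        "failed_commands": [c["command"] for c in commands if not c["ok"]],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(key, "->", value)
```

On the excerpt, most entries come back as "absent" (orphaned references that no longer existed), and three of the five `CMD:` lines are flagged because the command or component is not present on Windows XP.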

  5. #5
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Malwarebytes' Anti-Malware

    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.



    Also, can you tell me what the computer is doing now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Apr 2016
    Posts
    8

    Next lot of procedures are done. Results below.


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/05/2016
    Scan Time: 7:41:31 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.05.02.01
    Rootkit Database: v2016.04.17.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 302553
    Time Elapsed: 16 min, 0 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CLTMNGSVC, Quarantined, [59c05c75c8d1fe3817a1059727dded13],
    PUP.Optional.IEPluginServices, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [c45500d13366d264690fed4e6f9504fc],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 5
    PUP.Optional.InstallCore, C:\Documents and Settings\Administrator\My Documents\Downloads\Unconfirmed 868099.crdownload, Quarantined, [d04922aff8a1c175b65416d1946df709],
    PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\My Documents\Downloads\wzdrvupdt.exe, Quarantined, [30e92ba6257459ddee0dc59f7a8b9f61],
    PUP.Optional.InstallCore, C:\Documents and Settings\Administrator\My Documents\Downloads\installer.exe, Quarantined, [bc5da62bb8e176c0cd3d2fb82cd50ff1],
    PUP.Optional.InstallCore, C:\Documents and Settings\Administrator\My Documents\Downloads\setup-pdflite-2.exe, Quarantined, [15048849d3c6cb6b44239ad7e1200ef2],
    PUP.Optional.SofTonic, C:\Documents and Settings\Administrator\My Documents\Downloads\SoftonicDownloader_for_lyrics-plugin-for-windows-media-player.exe, Quarantined, [c8510cc5a5f40b2b989fdd7846bb1ce4],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  7. #7
    Junior Member
    Join Date
    Apr 2016
    Posts
    8

    Hi. Immunization & system scan still not working correctly.

  8. #8
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Originally Posted by Strato1:
      Hi. Immunization & system scan still not working correctly.

    After we see the machine is clear and free of malware I'll send you to another forum here that helps with SpyBot.

    How is the computer now?


    What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.



    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Junior Member
    Join Date
    Apr 2016
    Posts
    8

    Eset scan results

    Hi. Thanks for your continued support.

    The computer is functioning stably and maybe a touch faster now. So far, everything is still working properly as far as I can tell.

    Have completed the Eset instructions given. Results below.


    C:\AdwCleaner\FileQuarantine\C\Documents and Settings\All Users\Application Data\Browse2Save\511a40fd9ca2b.dll.vir a variant of Win32/Adware.MultiPlug.I application
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.7.0_45\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\Documents and Settings\Administrator\My Documents\Downloads\av-sync.exe Win32/InstallMonetizer.AF potentially unwanted application
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BarowwsoeSave4.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm

  10. #10
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    "The computer is functioning stably and maybe a touch faster now"

    Good deal.

    A few items are already held in quarantine so we'll leave those alone.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).

    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.7.0_45\java_sp.dll
    C:\Documents and Settings\Administrator\My Documents\Downloads\av-sync.exe
    EmptyTemp:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~`

    Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, next we'll download the latest Java from the following link and install it:

    Java
    ----------
    Install Java:

    Please go here to install Java
    • click on the Free Java Download Button
    • click on Agree and start Free download
    • click on Run
    • click on run again
    • click on install
    • when install is complete click on close

    See this page for instructions on how to clear java's cache.

    Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
      • Downloaded Applications
      • Installed Applications and Applets

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.

    ----------

    Important information regarding Windows XP
    https://forums.whatthetech.com/index...owtopic=127901


    ~~~~~~~~~~~~~~~~~

    Tell me what issues remain.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
