
Older XP Laptop Needs Resurrection


38 replies to this topic

#1 Christopher_35

Christopher_35

    Authentic Member

  • Authentic Member
  • PipPip
  • 90 posts

Posted 21 March 2020 - 06:23 PM

Am trying to get my old Easy Note laptop back up to speed as it has quite a lot of files that I need to save. I know that there are security issues with XP, but will eventually save files to USB and run from Windows 10 machine. The problem I have at the moment is that it is sooo mega slow that I can hardly do much with it in its present state. If this is something you can help me with I will be much obliged.

 

Thank you

Chris




#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,661 posts
  • Interests:LFC, music, more LFC, more music

Posted 22 March 2020 - 07:08 AM

Hello Christopher_35 and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

===================================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

Logs to include with the next post:

AdwCleaner log
Mbam.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 Christopher_35


Posted 22 March 2020 - 05:55 PM

Hello Satchfan

Thank you for taking time out to reply to my post. I downloaded and ran AdwCleaner and received the following message.

 

adwcleaner_8.0.3.exe is not a valid Win32 application.

 

I then loaded and ran Malwarebytes Anti-Malware and received the following message.

 

Runtime Error (at 434:1049):

Could not call proc.

OK

 



#4 Satchfan


Posted 22 March 2020 - 06:11 PM

Sorry, that version doesn't support XP. Try this link for AdwCleaner.

 

Try this for Malwarebytes.



#5 Satchfan


Posted 22 March 2020 - 06:13 PM

It's 10 minutes past midnight here in the UK so I won't reply tonight.

 

Satchfan



#6 Christopher_35


Posted 22 March 2020 - 08:55 PM

Hello Satchfan

 

Attached is one of the logs you requested, but the new link for Malwarebytes is not a valid Win32 application.

 

# AdwCleaner v6.047 - Logfile created 21/03/2020 at 02:27:23
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Susan Bailey - SNNECCI
# Running from : C:\Documents and Settings\Susan Bailey\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files\Check Point Software Technologies LTD
[-] Folder deleted: C:\Program Files\Conduit
[-] Folder deleted: C:\Program Files\Viewpoint
[-] Folder deleted: C:\Program Files\Common Files\ParetoLogic
[#] Folder deleted on reboot: C:\Program Files\Common Files\PARETOLOGIC
[-] Folder deleted: C:\Program Files\Common Files\IObit\Advanced SystemCare


***** [ Files ] *****

[-] File deleted: C:\Program Files\Yahoo!\Common\unyt.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key deleted: HKLM\SOFTWARE\Classes\escort.escortIEPane
[-] Key deleted: HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DBF5819-8634-464E-92F4-1F29C1EFF773}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key deleted: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Check Point Software Technologies LTD
[-] Key deleted: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Check Point Software Technologies LTD
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKLM\SOFTWARE\Check Point Software Technologies LTD
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Freeze.com
[-] Key deleted: HKLM\SOFTWARE\ImInstaller
[-] Key deleted: HKLM\SOFTWARE\MetaStream
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\IOBIT\ASC
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eusing Free Registry Cleaner
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Eusing Free Registry Cleaner
[-] Key deleted: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8360 Bytes] - [21/03/2020 02:27:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [8350 Bytes] - [21/03/2020 02:15:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [8181 Bytes] - [21/03/2020 02:24:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8579 Bytes] ##########
 



#7 Satchfan


Posted 23 March 2020 - 02:43 AM

No wonder your PC is slow; there were lots of things cleared up there that are not good.

 

Try this link for Malwarebytes.

 

Satchfan



#8 Satchfan


Posted 23 March 2020 - 09:32 AM

Please see the previous post.

 

If you need instructions to run this version please let me know, as it's slightly different.

 

Satchfan



#9 Christopher_35


Posted 23 March 2020 - 11:38 AM

Hello Satchfan

Attached is the missing log for Malwarebytes

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/21/20
Scan Time: 4:05 PM
Log File: c32dd806-6b8d-11ea-a7d2-4c60de838ec1.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.15396
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: SNNECCI\Susan Bailey

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 193032
Threats Detected: 43
Threats Quarantined: 43
Time Elapsed: 1 hr, 14 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 18
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Community Alerts\Feeds, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Community Alerts\Log, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Community Alerts, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Toolbar\Facebook, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Toolbar, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit, C:\DOCUMENTS AND SETTINGS\SUSAN BAILEY\LOCAL SETTINGS\APPLICATION DATA\CONDUIT, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\communities\ct2611275\radio, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\communities\ct2611275, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\MyStuffComponents, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\emailnotifier, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\communities, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\weather, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\radio, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\DOCUMENTS AND SETTINGS\SUSAN BAILEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\78XLA3IC.DEFAULT\CT2611275, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\conduit\cachedIcons, Quarantined, [1349], [726325],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\conduit\facebook, Quarantined, [1349], [726325],1.0.15396
PUP.Optional.Conduit.Generic, C:\DOCUMENTS AND SETTINGS\SUSAN BAILEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\78XLA3IC.DEFAULT\CONDUIT, Quarantined, [1349], [726325],1.0.15396

File: 25
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=1004080&alertFeedId=999795.xml, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks\en.xml, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit, C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_5_3_2.xml, Quarantined, [198], [182116],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\communities\ct2611275\radio\Predefined_Media_List.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\communities\ct2611275\LanguagePack.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\communities\ct2611275\LocalSettings.txt, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\communities\ct2611275\searchInNewTabData.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\communities\ct2611275\ThirdPartyComponents.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\emailnotifier\acc, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\MyStuffComponents\list.json, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\radio\IP_Media_List.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\radio\Recent_Media_List.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\radio\User_Media_List.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\weather\forecast_en.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\weather\history.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\LanguagePack.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\LocalSettings.txt, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\ThirdPartyComponents.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\CT2611275\UserAdditionalComponents.xml, Quarantined, [1349], [443542],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\conduit\cachedIcons\http___storage_conduit_com_75_261_CT2611275_Images_634084960850172500.png, Quarantined, [1349], [726325],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\conduit\facebook\menu-en.xml, Quarantined, [1349], [726325],1.0.15396
PUP.Optional.Conduit.Generic, C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\78xla3ic.default\conduit\facebook\settings.xml, Quarantined, [1349], [726325],1.0.15396
PUP.Optional.Conduit, C:\DOCUMENTS AND SETTINGS\SUSAN BAILEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\78XLA3IC.DEFAULT\PREFS.JS, Replaced, [198], [301525],1.0.15396
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\REGISTRYDEFRAGBOOTTIME.EXE, Quarantined, [3823], [396386],1.0.15396
PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\SUSAN BAILEY\LOCAL SETTINGS\TEMP\ASC_FREEBIGUPGRADE_DOWNLOADER\ASC.EXE, Quarantined, [3823], [396386],1.0.15396

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
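
Added example (not part of the thread and not Malwarebytes' own code): a Python parser for the text export layout shown in the log above. It reconciles the per-section counts with the "Threats Detected" summary line, so a truncated paste is caught, and lists rows whose action is anything other than Quarantined; the sample log, its paths and its detection names are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes text export posted above.
# Paths, detection names and rule ids are made up for the example.
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 5
Threats Quarantined: 5

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Example, C:\Documents and Settings\User\Local Settings\Application Data\Example\Toolbar, Quarantined, [101], [200001],1.0.1
PUP.Optional.Example.Generic, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abc.default\EX1, Quarantined, [102], [200002],1.0.1

File: 3
PUP.Optional.Example, C:\Documents and Settings\User\Local Settings\Application Data\Example\Feeds\alerts, v2.xml, Quarantined, [101], [200001],1.0.1
PUP.Optional.Example, C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ABC.DEFAULT\PREFS.JS, Replaced, [101], [200003],1.0.1
PUP.Optional.ExampleCare, C:\WINDOWS\SYSTEM32\EXAMPLEBOOTTIME.EXE, Quarantined, [103], [200004],1.0.1

WMI: 0
(No malicious items detected)

(end)
"""

SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)$")
# Anchored from the right so that commas inside the path do not break the split.
ROW_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<path>.+), (?P<action>[A-Za-z ]+), "
    r"\[\d+\], \[\d+\],\s*(?P<version>[\d.]+)$"
)


def parse_report(text):
    """Return (summary, sections) parsed from a pasted text report."""
    summary, sections = {}, {}
    block, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-") and line.endswith("-"):
            block, current = line.strip("-"), None  # e.g. "Scan Details"
            continue
        if block == "Scan Summary":
            m = SUMMARY_RE.match(line)
            if m:
                summary[m["key"]] = m["value"]
        elif block == "Scan Details":
            m = SECTION_RE.match(line)
            if m:
                current = m["name"]
                sections[current] = {"declared": int(m["count"]), "rows": []}
                continue
            m = ROW_RE.match(line)
            if m and current:
                sections[current]["rows"].append(m.groupdict())
    return summary, sections


def triage(summary, sections):
    """Reconcile counts and pull out the rows that deserve a second look."""
    rows = [r for s in sections.values() for r in s["rows"]]
    return {
        "rows": len(rows),
        # False means the paste is incomplete or the layout changed.
        "total_matches_summary": int(summary.get("Threats Detected", -1)) == len(rows),
        "count_mismatch": sorted(
            n for n, s in sections.items() if s["declared"] != len(s["rows"])
        ),
        "families": Counter(r["family"] for r in rows),
        # Items that were changed in place instead of being moved to quarantine.
        "not_quarantined": [
            (r["action"], r["path"]) for r in rows if r["action"] != "Quarantined"
        ],
        # Binaries matter more than leftover XML or cache files.
        "executables": [
            r["path"] for r in rows
            if r["path"].lower().endswith((".exe", ".dll", ".sys"))
        ],
    }


if __name__ == "__main__":
    report = triage(*parse_report(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```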



#10 Satchfan


Posted 23 March 2020 - 12:56 PM

Good, that’s some more cleaned up. Let’s see what is on your computer.

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system, i.e., 32-bit.

  • click Run after receipt of Windows Security Warning - Open File. When the tool opens click Yes to the disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Frst.txt
Addition.txt


Thanks

Satchfan

 




#11 Christopher_35


Posted 23 March 2020 - 04:18 PM

Hello Satchfan

Here are the logs you required

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-03-2020
Ran by Susan Bailey (administrator) on SNNECCI (NEC Computers International PB EASYNOTE) (21-03-2020 20:49:17)
Running from C:\Documents and Settings\Susan Bailey\Desktop
Loaded Profiles: Susan Bailey (Available Profiles: Susan Bailey)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgmfapx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(BillP Studios -> BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\alg.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Silicon Integrated Systems Corporation) [File not signed] C:\WINDOWS\system32\sistray.exe
(Sun Microsystems, Inc. -> Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [230976 2006-06-28] (BillP Studios -> BillP Studios)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMwA3A (the data entry has 302 more characters).
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {3eeb5217-a8ff-11dd-afd0-00038a000015} - ie.exe
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {d074ff8d-1bae-11de-8283-00038a000015} - E:\AutoRun.exe
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {d0750133-1bae-11de-8283-00038a000015} - E:\AutoRun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -> C:\WINDOWS\system32\ieudinit.exe [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2007-06-26] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{5945c046-1e7d-11d1-bc44-00c04fd912be}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{c6dc5466-785a-11d2-84d0-00c04fb169f7}] -> appmgmts.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk [2010-03-27]
ShortcutTarget: Utility Tray.lnk -> C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation) [File not signed]
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologies00
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Low Battery Alarm Program.job => Fv Susan Bailey
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Registration reminder 2.job => C:\WINDOWS\System32\OOBE\oobebaln.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9B28CDC3-FD26-469C-BF68-25E03755861C}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ntlworld.com
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
SearchScopes: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
SearchScopes: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> {FF3EE1D4-15AF-43CE-B5E6-9F8072460E6B} URL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15] (Safer Networking Ltd. -> Safer Networking Limited)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2020-03-18] (Google Inc -> Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11] (Sun Microsystems, Inc.) [File not signed]
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2020-03-18] (Google Inc -> Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2020-03-18] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198058148886
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} hxxp://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) [File not signed]
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies SA -> Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\81603wpo.default [2020-03-21]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\81603wpo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2020-03-19] [Legacy] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-10-15] [Legacy] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-11] [Legacy] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-11-15] [Legacy] [not signed]
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-11] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-19] (Adobe Inc. -> ) [File not signed]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-1391219076-2454486130-4279418029-1006: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2012-11-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2012-11-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2012-11-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2012-11-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-19] (Adobe Inc. -> Adobe) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4107808 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [591256 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2010-01-25] (Adobe Systems Incorporated -> NOS Microsystems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-10-11] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
S3 jswpsapi; C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe [360529 2009-11-05] (Atheros Communications, Inc.) [File not signed]
S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1181328 2011-05-02] (Lavasoft AB -> Lavasoft)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.) [File not signed]
S3 SwPrv; C:\WINDOWS\System32\dllhost.exe /Processid:{6B1C53D3-3752-41EB-8F0A-7DB80BFD7AA4} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [5228896 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 WDCS_WNDA3200; C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R0 AliIde; C:\WINDOWS\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Microsoft Windows Component Publisher -> Acer Laboratories Inc.)
R0 amdagp; C:\WINDOWS\System32\DRIVERS\amdagp.sys [43008 2008-04-13] (Microsoft Windows Component Publisher -> Advanced Micro Devices, Inc.)
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 Asapi; C:\Windows\System32\Drivers\Asapi.sys [11264 2002-08-06] (VOB Computersysteme GmbH) [File not signed]
R0 asc; C:\WINDOWS\System32\DRIVERS\asc.sys [26496 2001-08-17] (Microsoft Windows Component Publisher -> Advanced System Products, Inc.)
R0 asc3550; C:\WINDOWS\System32\DRIVERS\asc3550.sys [14848 2001-08-17] (Microsoft Windows Component Publisher -> Advanced System Products, Inc.)
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2004-07-10] (Windows ® 2000 DDK provider) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-03-23] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [220920 2017-09-04] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 CmdIde; C:\WINDOWS\System32\DRIVERS\cmdide.sys [6656 2001-08-17] (Microsoft Windows Component Publisher -> CMD Technology, Inc.)
R0 dac2w2k; C:\WINDOWS\System32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Microsoft Windows Component Publisher -> Mylex Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [128736 2018-04-26] (Malwarebytes Corporation -> Malwarebytes)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 INQ1usbser; C:\WINDOWS\System32\DRIVERS\INQ1usbser.sys [103680 2008-03-20] (Microsoft Windows Hardware Compatibility Publisher -> AMOI Incorporated)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2008-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-02-04] (Lavasoft AB -> Lavasoft AB)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [148600 2020-03-21] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40160 2020-03-21] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2020-03-21] (Malwarebytes Corporation -> Malwarebytes)
R1 moufiltr; C:\Windows\System32\Drivers\moufiltr.sys [9548 2003-01-23] (Windows ® 2000 DDK provider) [File not signed]
R0 mraid35x; C:\WINDOWS\System32\DRIVERS\mraid35x.sys [17280 2001-08-17] (Microsoft Windows Component Publisher -> American Megatrends Inc.)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [226288 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1299976 2003-11-04] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [180368 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-04] (Microsoft Windows Component Publisher -> NVIDIA Corporation)
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Microsoft Windows Component Publisher -> Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17232 2003-08-27] (Sonic Solutions) [File not signed]
R0 ql1080; C:\WINDOWS\System32\DRIVERS\ql1080.sys [40320 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
R0 ql12160; C:\WINDOWS\System32\DRIVERS\ql12160.sys [45312 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
R0 ql1280; C:\WINDOWS\System32\DRIVERS\ql1280.sys [49024 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
R0 RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [14160 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [436608 2004-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Integrated Systems Corporation)
R0 sisagp; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [36992 2003-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\drivers\srvkp.sys [11648 2004-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Integrated Systems Corporation)
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32256 2002-07-10] (Microsoft Windows Hardware Compatibility Publisher -> SiS Corporation)
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [566256 2003-11-09] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [87656 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [15712 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
R0 Sparrow; C:\WINDOWS\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Microsoft Windows Component Publisher -> Adaptec, Inc.)
R0 symc810; C:\WINDOWS\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Microsoft Windows Component Publisher -> Symbios Logic Inc.)
R0 symc8xx; C:\WINDOWS\System32\DRIVERS\symc8xx.sys [32640 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
R0 sym_hi; C:\WINDOWS\System32\DRIVERS\sym_hi.sys [28384 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
R0 sym_u3; C:\WINDOWS\System32\DRIVERS\sym_u3.sys [30688 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
R3 SynTP; C:\WINDOWS\System32\DRIVERS\SynTP.sys [180064 2004-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics, Inc.)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Netherlands B.V.)
R0 ultra; C:\WINDOWS\System32\DRIVERS\ultra.sys [36736 2001-08-17] (Microsoft Windows Component Publisher -> Promise Technology, Inc.)
R1 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [6144 2003-02-19] (Waytech Development, Inc.) [File not signed]
R3 VIAudio; C:\WINDOWS\System32\drivers\viaudios.sys [115840 2004-02-11] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (Microsoft Windows Hardware Compatibility Publisher -> America Online, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2008-10-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 BCM43XX; system32\DRIVERS\bcmwl5.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
U4 RemoteRegistry; no ImagePath
U4 TlntSvr; no ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-21 20:49 - 2020-03-21 21:08 - 000029570 _____ C:\Documents and Settings\Susan Bailey\Desktop\FRST.txt
2020-03-21 20:48 - 2020-03-21 20:52 - 000000000 ____D C:\FRST
2020-03-21 20:46 - 2020-03-21 20:46 - 002008064 _____ (Farbar) C:\Documents and Settings\Susan Bailey\Desktop\FRST.exe
2020-03-21 17:38 - 2020-03-21 17:38 - 000009618 _____ C:\Documents and Settings\Susan Bailey\Desktop\malwarebytesScan.txt
2020-03-21 15:55 - 2020-03-21 15:55 - 000040160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-03-21 15:54 - 2020-03-21 15:54 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2020-03-21 15:54 - 2020-03-21 15:54 - 000148600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2020-03-21 15:52 - 2020-03-21 15:52 - 000001718 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2020-03-21 15:52 - 2020-03-21 15:52 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2020-03-21 15:52 - 2018-04-26 05:36 - 000128736 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2020-03-21 15:51 - 2020-03-21 15:51 - 000000000 ____D C:\Program Files\Malwarebytes
2020-03-21 15:51 - 2020-03-21 15:51 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2020-03-21 15:45 - 2020-03-21 15:47 - 076534856 _____ (Malwarebytes ) C:\Documents and Settings\Susan Bailey\Desktop\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe
2020-03-21 02:36 - 2020-03-21 02:36 - 000008658 _____ C:\Documents and Settings\Susan Bailey\Desktop\AdwCleaner[C0].txt
2020-03-21 02:07 - 2020-03-21 02:27 - 000000000 ____D C:\AdwCleaner
2020-03-21 02:03 - 2020-03-21 02:03 - 004110280 _____ C:\Documents and Settings\Susan Bailey\Desktop\adwcleaner_6.047.exe
2020-03-19 19:54 - 2020-03-19 19:54 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2020-03-19 00:15 - 2020-03-19 00:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2020-03-19 00:15 - 2020-03-19 00:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2020-03-19 00:14 - 2020-03-21 02:26 - 000000000 ____D C:\Program Files\Common Files\IObit
2020-03-19 00:14 - 2020-03-19 00:14 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2020-03-19 00:14 - 2020-03-19 00:14 - 000000000 ____D C:\Documents and Settings\Susan Bailey\AppData\LocalLow\IObit
2020-03-19 00:12 - 2020-03-19 00:12 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\Apple Computer
2020-03-18 23:23 - 2020-03-18 23:23 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
2020-03-18 23:23 - 2019-01-10 13:07 - 000039776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2020-03-18 20:40 - 2020-03-18 20:40 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\AVG
2020-03-18 20:27 - 2020-03-18 20:27 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\TuneUp Software
2020-03-18 20:27 - 2020-03-18 20:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2020-03-18 20:26 - 2020-03-18 20:26 - 000001457 _____ C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
2020-03-18 20:05 - 2020-03-21 20:49 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2020-03-18 20:05 - 2020-03-18 20:05 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\MFAData
2020-03-18 19:42 - 2020-03-19 12:19 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\AvgSetupLog
2020-03-18 18:08 - 2020-03-21 02:31 - 000000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2020-03-18 18:08 - 2020-03-18 19:54 - 000000230 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2020-03-18 17:55 - 2020-03-19 00:54 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Avg
2020-03-18 17:55 - 2020-03-18 17:55 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\CEF
2020-03-18 17:54 - 2020-03-18 17:54 - 000000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2020-03-18 17:54 - 2020-03-18 17:54 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2020-03-18 17:51 - 2020-03-21 14:29 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2020-03-18 17:49 - 2020-03-18 23:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2020-03-18 14:33 - 2013-07-03 02:12 - 000025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2020-03-18 14:31 - 2013-07-17 00:58 - 000123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2020-03-18 14:30 - 2014-02-26 01:59 - 000013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2020-03-18 14:30 - 2014-02-26 01:59 - 000013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2020-03-18 14:30 - 2013-08-09 00:55 - 000144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2020-03-18 14:30 - 2013-08-09 00:55 - 000005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2020-03-18 14:30 - 2009-03-18 11:02 - 000030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2020-03-18 13:37 - 2020-03-21 04:58 - 000032526 _____ C:\WINDOWS\SchedLgU.Txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-21 21:08 - 2004-10-22 17:12 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Temp
2020-03-21 20:59 - 2010-02-12 01:52 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2020-03-21 20:49 - 2013-08-31 19:07 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2020-03-21 20:13 - 2010-08-13 19:42 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
2020-03-21 19:58 - 2010-02-12 01:52 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2020-03-21 16:13 - 2002-09-19 19:53 - 000000000 __SHD C:\Documents and Settings\LocalService
2020-03-21 15:51 - 2009-04-22 22:41 - 000000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2020-03-21 14:13 - 2012-11-10 20:17 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
2020-03-21 08:13 - 2010-07-26 16:43 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
2020-03-21 02:31 - 2002-09-19 19:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-03-21 02:28 - 2004-10-22 17:12 - 000000178 ___SH C:\Documents and Settings\Susan Bailey\ntuser.ini
2020-03-21 02:13 - 2012-11-08 08:15 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
2020-03-20 02:13 - 2013-08-31 19:41 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2020-03-19 19:53 - 2013-08-31 19:07 - 000842296 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerApp.exe
2020-03-19 19:53 - 2012-11-03 22:17 - 000175160 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2020-03-19 19:51 - 2002-09-19 19:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-03-19 12:24 - 2009-10-20 17:17 - 000000000 ____D C:\Program Files\IObit
2020-03-19 11:58 - 2004-10-26 20:29 - 000000000 __SHD C:\Documents and Settings\Susan Bailey\UserData
2020-03-19 11:58 - 2004-10-22 17:12 - 000000000 ____D C:\Documents and Settings\Susan Bailey
2020-03-19 11:34 - 2010-07-28 09:51 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2020-03-19 11:24 - 2009-10-20 17:28 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\IObit
2020-03-18 23:11 - 2008-06-09 02:14 - 000000000 ____D C:\Program Files\AVG
2020-03-18 21:31 - 2004-10-22 17:12 - 000001602 _____ C:\Documents and Settings\Susan Bailey\Start Menu\Programs\Remote Assistance.lnk
2020-03-18 20:26 - 2002-09-19 19:34 - 000000000 ___HD C:\WINDOWS\inf
2020-03-18 20:22 - 2012-11-29 15:35 - 000000000 ____D C:\Documents and Settings\All Users\eBay
2020-03-18 19:51 - 2010-02-01 23:51 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\avg9
2020-03-18 18:06 - 2002-09-19 19:36 - 000251088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-18 15:30 - 2002-09-19 19:34 - 000000000 ____D C:\WINDOWS\system32\dllcache
2020-03-18 15:27 - 2002-09-19 19:37 - 000489288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-18 13:06 - 2008-04-15 15:15 - 000000000 ____D C:\Documents and Settings\Susan Bailey\My Documents\MyBackups
2020-03-18 12:45 - 2002-09-19 19:26 - 000001170 _____ C:\WINDOWS\system32\wpa.dbl
2020-03-18 12:40 - 2007-05-31 22:59 - 000000000 ____D C:\Program Files\Google
2020-03-18 12:32 - 2010-02-13 02:17 - 000000000 ____D C:\Documents and Settings\Susan Bailey\My Documents\Arri Excel

==================== Files in the root of some directories ========

2002-03-11 08:45 - 2002-03-11 08:45 - 001708856 _____ (Microsoft Corporation) C:\Program Files\instmsia.exe
2002-03-11 09:06 - 2002-03-11 09:06 - 001822520 _____ (Microsoft Corporation) C:\Program Files\instmsiw.exe
2008-09-30 17:06 - 2008-09-30 17:06 - 128535711 _____ () C:\Program Files\openofficeorg1.cab
2008-09-30 16:29 - 2008-09-30 16:29 - 009772544 _____ () C:\Program Files\openofficeorg30.msi
2008-09-30 16:29 - 2008-09-30 16:29 - 000000217 _____ () C:\Program Files\setup.ini
2009-07-25 10:09 - 2009-07-25 10:09 - 000003584 _____ () C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-27 09:15 - 2010-07-27 09:15 - 000000036 _____ () C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\housecall.guid.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-03-2020
Ran by Susan Bailey (21-03-2020 21:21:33)
Running from C:\Documents and Settings\Susan Bailey\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2004-10-21 15:06:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1391219076-2454486130-4279418029-500 - Administrator - Enabled)
Guest (S-1-5-21-1391219076-2454486130-4279418029-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1391219076-2454486130-4279418029-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1391219076-2454486130-4279418029-1002 - Limited - Disabled)
Susan Bailey (S-1-5-21-1391219076-2454486130-4279418029-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Susan Bailey

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG Internet Security (Enabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 8.2.0 - Lavasoft) Hidden
Ad-Aware (HKLM\...\Ad-Aware) (Version:  - Lavasoft)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.60 - NOS Microsystems Ltd.)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AVG (HKLM\...\{AE3C6D0D-A06B-4789-9089-5FC8E46CE114}) (Version: 16.161.8048 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.116.3.1052 - AVG Technologies)
AVG 2016 (HKLM\...\{BEE08A84-BB55-4307-AC14-E579F5C4D100}) (Version: 16.0.4793 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\{29BA5B43-1BFC-468D-8C8D-4DAC29524387}) (Version: 16.80.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.80.3.38236 - AVG Technologies)
AVG Protection (HKLM\...\AVG) (Version: 16.161.8048 - AVG Technologies)
AVG Zen (HKLM\...\{3D8C5CBA-DDCF-44CE-AD7D-B0AEF74E989E}) (Version: 1.116.2 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
Eraser (HKLM\...\{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}) (Version: 5.86 - Heidi Computers Ltd.) Hidden
Eraser (HKLM\...\Eraser) (Version:  - Heidi Computers Ltd.)
FMW 1 (HKLM\...\{A2B92392-DC17-416B-88F6-A6A55E053E32}) (Version: 1.143.3 - AVG Technologies) Hidden
GIMP 2.6.7 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.153 - Google Inc.) Hidden
IncrediMail Xe (HKLM\...\IncrediMail) (Version:  - )
INQ1 Modem (HKLM\...\{65F6D129-8EB6-4DC1-A5C0-E5EB1C6755AB}) (Version: 1.10.0000 - amoi)
Java™ 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Labtec Mouse Software 2.0 (HKLM\...\{77E6239B-BF3B-496B-9634-2AC9589B61BB}) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MetaTrader 4.00 (HKLM\...\{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.7 (HKLM\...\Wudf01007) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox (3.6.28) (HKLM\...\Mozilla Firefox (3.6.28)) (Version: 3.6.28 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NETGEAR WNDA3200 wireless adapter Setup (HKLM\...\{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1) (Version: 1.0.0.11 - NETGEAR)
OpenOffice.org 3.0 (HKLM\...\{F44DA61E-720D-4E79-871F-F6E628B33242}) (Version: 3.0.9358 - OpenOffice.org)
Packard Bell Companion (HKLM\...\{09B44E78-A988-4BC0-962F-63ECD3333708}) (Version: 1.1.5.1 - Packard Bell) Hidden
PC Connectivity Solution (HKLM\...\{0C973594-7DDF-4BD0-84ED-3517F7622037}) (Version: 9.23.3.0 - Nokia)
Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)
SiS 900 PCI Fast Ethernet Adapter Driver (HKLM\...\SiSLan) (Version:  - )
SiS VGA Utilities (HKLM\...\SiS VGA Utilities) (Version:  - )
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Smart Defrag (HKLM\...\Smart Defrag_is1) (Version: 1.3.0 - IObit)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.7.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.41.1000 - SUPERAntiSpyware.com)
Turbo Lister 2 (HKLM\...\InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}) (Version: 2.0.0 - eBay)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoipCheap (HKLM\...\VoipCheap_is1) (Version: 2.09 build 321 - Finarea S.A. Switzerland)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\WinDirStat) (Version:  - )
Windows Driver Package - Amoi Incorporated (INQ1usbser) Modem  (01/01/2007 2.0.5.0) (HKLM\...\75F6C4F084A18C2A71179397570DD3BE34BA2679) (Version: 01/01/2007 2.0.5.0 - Amoi Incorporated)
Windows Driver Package - Amoi Incorporated (INQ1usbser) Ports  (01/01/2007 2.0.5.0) (HKLM\...\3448AA55E35CFBCE2DBCEED25E4046660049CDBD) (Version: 01/01/2007 2.0.5.0 - Amoi Incorporated)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0532.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\WinPatrol) (Version:  - )
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 11.0.768.000 - Check Point)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellExecuteHooks: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2007-12-22] (Heidi Computers Ltd -> -)
ContextMenuHandlers1: [FileTerminator] -> -{EBDF1F20-C829-1010-8233-0020AFCE97A9} =>  -> No File
ContextMenuHandlers1: [IMMenuShellExt] -> {F8984111-38B6-11D5-8725-0050DA2761C4} =>  -> No File
ContextMenuHandlers2: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2007-12-22] (Heidi Computers Ltd -> -)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2007-12-22] (Heidi Computers Ltd -> -)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2002-08-29] (Microsoft Windows Component Publisher -> DSP GROUP, INC.)
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2002-08-29] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2002-08-29] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2002-08-29] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2009-09-01] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [vidc.iv41] => C:\WINDOWS\system32\ir41_32.ax [848384 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\WINDOWS\system32\iac25_32.ax [199680 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\system32\ir50_32.dll [755200 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']
Shortcut: C:\Documents and Settings\Susan Bailey\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) =============

2020-03-18 17:50 - 2020-03-18 17:50 - 048920064 _____ () [File not signed] C:\Program Files\AVG\UiDll\2623\libcef.dll
2009-11-15 18:42 - 2004-06-15 07:00 - 000116736 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\CNMLM61.DLL
2009-11-15 18:42 - 2004-06-15 07:00 - 000017920 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD61.DLL
2020-03-21 15:52 - 2018-05-01 11:10 - 001137152 _____ (Igor Pavlov) [File not signed] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll
2004-01-29 14:08 - 2004-01-29 14:08 - 001277952 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
2004-01-29 14:08 - 2004-01-29 14:08 - 000086016 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMWS.DLL
2009-06-11 19:25 - 2009-06-11 19:25 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Java\jre6\bin\MSVCR71.dll
2011-05-13 20:04 - 2011-05-13 20:04 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL
2011-05-13 19:45 - 2011-05-13 19:45 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL
2004-07-10 10:54 - 2004-02-27 03:04 - 000176128 ____N (Silicon Integrated Systems Corporation) [File not signed] C:\WINDOWS\system32\SiSApCom.dll
2008-07-29 14:43 - 2008-07-29 14:43 - 000596480 _____ (STLport Consulting, Inc.) [File not signed] C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll
2008-08-28 14:56 - 2008-08-28 14:56 - 000357888 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
2007-02-27 19:39 - 2007-02-27 19:39 - 000061440 _____ (SUPERAntiSpyware.com) [File not signed] C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
2009-09-03 22:21 - 2009-09-03 22:21 - 000548352 _____ (SUPERAntiSpyware.com) [File not signed] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
2020-03-21 15:51 - 2018-01-18 16:16 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2020-03-21 15:51 - 2018-01-18 16:15 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000031232 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
2020-03-21 15:51 - 2018-01-18 16:15 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2020-03-21 15:51 - 2018-01-18 16:15 - 000242688 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000018944 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000318976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000017920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
2020-03-21 15:51 - 2018-01-18 16:15 - 000993792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2020-03-21 15:51 - 2018-01-18 16:22 - 000044032 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2020-03-21 15:51 - 2018-01-18 16:22 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll
2020-03-21 15:51 - 2018-05-09 09:35 - 004809728 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2020-03-21 15:51 - 2018-01-18 16:12 - 005100032 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2020-03-21 15:51 - 2018-01-18 16:10 - 002012672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2020-03-21 15:51 - 2018-01-18 16:18 - 002522112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2020-03-21 15:51 - 2018-01-18 16:20 - 002570752 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000247808 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2020-03-21 15:51 - 2018-01-18 16:14 - 004482048 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2020-03-21 15:51 - 2018-01-18 16:24 - 000206336 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2020-03-21 15:51 - 2018-01-18 16:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2020-03-21 15:51 - 2018-01-18 16:22 - 000013824 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2020-03-21 15:51 - 2018-01-18 16:27 - 000698368 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-03-21 15:51 - 2018-01-18 16:27 - 000173056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2020-03-21 15:51 - 2018-01-18 16:26 - 000035328 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
2020-03-21 15:51 - 2018-01-18 16:26 - 000069632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-03-21 15:51 - 2018-01-18 16:27 - 000097280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2020-03-21 15:51 - 2018-01-18 16:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2020-03-21 15:51 - 2018-01-18 16:25 - 000074752 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
2020-03-21 15:51 - 2018-01-18 16:29 - 000102400 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [119]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.bat: batfile =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.cmd:  =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.com:  =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-09-19 19:26 - 2008-06-06 17:25 - 000249518 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

There are 8693 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\TVNAVI~1;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\WINDOWS\system32\WindowsPowerShell\v1.0
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: SiSUSBRG => C:\WINDOWS\SiSUSBrg.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\msnmsgr.exe] => Enabled:MSN Messenger 7.5
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\bin\IncMail.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\bin\IMApp.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\VoipCheap\VoipCheap.exe] => Enabled:VoipCheap
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ZoneLabs\vsmon.exe] => Enabled:vsmon
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe] => Enabled:SP_FF
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

18-03-2020 17:46:43 Avg Update
18-03-2020 19:49:42 Removed AVG Free 9.0
18-03-2020 19:52:45 Installed AVG Free 9.0
18-03-2020 20:09:47 Installed AVG 2016
18-03-2020 20:16:00 Installed AVG
19-03-2020 20:36:55 System Checkpoint
20-03-2020 20:41:54 System Checkpoint
21-03-2020 21:42:25 System Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/21/2020 08:54:26 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/21/2020 08:54:26 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/21/2020 08:54:16 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/21/2020 08:54:16 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/21/2020 08:54:06 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/21/2020 08:54:04 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/21/2020 08:53:55 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/21/2020 08:53:54 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.


System errors:
=============
Error: (03/21/2020 02:33:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG PC TuneUp Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/21/2020 02:33:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the AVG PC TuneUp Service service to connect.

Error: (03/21/2020 02:33:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (03/21/2020 02:33:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/21/2020 02:25:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/21/2020 02:25:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NETGEAR WNDA3200 Device Checking Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/21/2020 02:25:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG PC TuneUp Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 500 milliseconds: Restart the service.

Error: (03/21/2020 02:19:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG PC TuneUp Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 250 milliseconds: Restart the service.


==================== Memory info ===========================

BIOS: Insyde Software INSYDE - 1 09/02/2002
Motherboard: NEC Computers International Titan N
Processor:  Intel® Celeron® CPU 2.80GHz
Percentage of memory in use: 74%
Total physical RAM: 703.48 MB
Available physical RAM: 181.21 MB
Total Virtual: 2539.29 MB
Available Virtual: 481.34 MB

==================== Drives ================================

Drive c: (HDD) (Fixed) (Total:33.25 GB) (Free:16.65 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 37.3 GB) (Disk ID: E02AE02A)
Partition 1: (Not Active) - (Size=4 GB) - (Type=1B)
Partition 2: (Active) - (Size=33.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

 

 

Thank you

Christopher



#12 Satchfan

Posted 23 March 2020 - 04:30 PM

Thanks Christopher.

 

I'll look at the logs and get back as soon as I can.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#13 Satchfan

Posted 23 March 2020 - 06:32 PM

Quite a bit needs to be dealt with so we’ll start with what was found in those logs.

===================================================

Note: Please follow these instructions in the order given.

===================================================

Run Farbar Recovery Scan Tool

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.

CloseProcesses:
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMwA3A (the data entry has 302 more characters).
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {3eeb5217-a8ff-11dd-afd0-00038a000015} - ie.exe
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {d074ff8d-1bae-11de-8283-00038a000015} - E:\AutoRun.exe
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {d0750133-1bae-11de-8283-00038a000015} - E:\AutoRun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
SearchScopes: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> {FF3EE1D4-15AF-43CE-B5E6-9F8072460E6B} URL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
Toolbar: HKU\.DEFAULT -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-1391219076-2454486130-4279418029-1006: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
S3 BCM43XX; system32\DRIVERS\bcmwl5.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
U4 RemoteRegistry; no ImagePath
U4 TlntSvr; no ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
2020-03-19 00:15 - 2020-03-19 00:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2020-03-19 00:15 - 2020-03-19 00:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2020-03-19 00:14 - 2020-03-21 02:26 - 000000000 ____D C:\Program Files\Common Files\IObit
2020-03-19 00:14 - 2020-03-19 00:14 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2020-03-19 00:14 - 2020-03-19 00:14 - 000000000 ____D C:\Documents and Settings\Susan Bailey\AppData\LocalLow\IObit
2020-03-18 18:08 - 2020-03-21 02:31 - 000000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2020-03-18 18:08 - 2020-03-18 19:54 - 000000230 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2020-03-19 12:24 - 2009-10-20 17:17 - 000000000 ____D C:\Program Files\IObit
2020-03-19 11:34 - 2010-07-28 09:51 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2020-03-19 11:24 - 2009-10-20 17:28 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\IObit
2002-03-11 08:45 - 2002-03-11 08:45 - 001708856 _____ (Microsoft Corporation) C:\Program Files\instmsia.exe
2002-03-11 09:06 - 2002-03-11 09:06 - 001822520 _____ (Microsoft Corporation) C:\Program Files\instmsiw.exe
2008-09-30 17:06 - 2008-09-30 17:06 - 128535711 _____ () C:\Program Files\openofficeorg1.cab
2008-09-30 16:29 - 2008-09-30 16:29 - 009772544 _____ () C:\Program Files\openofficeorg30.msi
2008-09-30 16:29 - 2008-09-30 16:29 - 000000217 _____ () C:\Program Files\setup.ini
2009-07-25 10:09 - 2009-07-25 10:09 - 000003584 _____ () C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-27 09:15 - 2010-07-27 09:15 - 000000036 _____ () C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\housecall.guid.cache
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 8.2.0 - Lavasoft) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.153 - Google Inc.) Hidden
ShellExecuteHooks: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
ContextMenuHandlers1: [FileTerminator] -> -{EBDF1F20-C829-1010-8233-0020AFCE97A9} =>  -> No File
ContextMenuHandlers1: [IMMenuShellExt] -> {F8984111-38B6-11D5-8725-0050DA2761C4} =>  -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.bat: batfile =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.cmd:  =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.com:  =>  <==== ATTENTION
StandardProfile\AuthorizedApplications: [C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe] => Enabled:SP_FF
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it in your reply.

================================================

Uninstall programmes

Please uninstall these programs:

Ad-Aware
Google Update Helper
Java™ 6 Update 17
Java™ 6 Update 7
Spybot - Search & Destroy

 

  • click Start, Settings, Control Panel, Add or Remove Programs
  • click on each programme in turn and then on Uninstall.

================================================

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks

 


#14 Christopher_35

Posted 24 March 2020 - 10:58 AM

Hello Satchfan

 

I believe all has been completed in the correct order as requested.

Also attached are the logs in the order requested.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-03-2020
Ran by Susan Bailey (22-03-2020 13:29:51) Run:1
Running from C:\Documents and Settings\Susan Bailey\Desktop\New Folder
Loaded Profiles: Susan Bailey (Available Profiles: Susan Bailey)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMwA3A (the data entry has 302 more characters).
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {3eeb5217-a8ff-11dd-afd0-00038a000015} - ie.exe
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {d074ff8d-1bae-11de-8283-00038a000015} - E:\AutoRun.exe
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\MountPoints2: {d0750133-1bae-11de-8283-00038a000015} - E:\AutoRun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
SearchScopes: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> {FF3EE1D4-15AF-43CE-B5E6-9F8072460E6B} URL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
Toolbar: HKU\.DEFAULT -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-1391219076-2454486130-4279418029-1006: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
S3 BCM43XX; system32\DRIVERS\bcmwl5.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
U4 RemoteRegistry; no ImagePath
U4 TlntSvr; no ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
2020-03-19 00:15 - 2020-03-19 00:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2020-03-19 00:15 - 2020-03-19 00:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2020-03-19 00:14 - 2020-03-21 02:26 - 000000000 ____D C:\Program Files\Common Files\IObit
2020-03-19 00:14 - 2020-03-19 00:14 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2020-03-19 00:14 - 2020-03-19 00:14 - 000000000 ____D C:\Documents and Settings\Susan Bailey\AppData\LocalLow\IObit
2020-03-18 18:08 - 2020-03-21 02:31 - 000000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2020-03-18 18:08 - 2020-03-18 19:54 - 000000230 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2020-03-19 12:24 - 2009-10-20 17:17 - 000000000 ____D C:\Program Files\IObit
2020-03-19 11:34 - 2010-07-28 09:51 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2020-03-19 11:24 - 2009-10-20 17:28 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\IObit
2002-03-11 08:45 - 2002-03-11 08:45 - 001708856 _____ (Microsoft Corporation) C:\Program Files\instmsia.exe
2002-03-11 09:06 - 2002-03-11 09:06 - 001822520 _____ (Microsoft Corporation) C:\Program Files\instmsiw.exe
2008-09-30 17:06 - 2008-09-30 17:06 - 128535711 _____ () C:\Program Files\openofficeorg1.cab
2008-09-30 16:29 - 2008-09-30 16:29 - 009772544 _____ () C:\Program Files\openofficeorg30.msi
2008-09-30 16:29 - 2008-09-30 16:29 - 000000217 _____ () C:\Program Files\setup.ini
2009-07-25 10:09 - 2009-07-25 10:09 - 000003584 _____ () C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-27 09:15 - 2010-07-27 09:15 - 000000036 _____ () C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\housecall.guid.cache
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 8.2.0 - Lavasoft) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.153 - Google Inc.) Hidden
ShellExecuteHooks: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
ContextMenuHandlers1: [FileTerminator] -> -{EBDF1F20-C829-1010-8233-0020AFCE97A9} =>  -> No File
ContextMenuHandlers1: [IMMenuShellExt] -> {F8984111-38B6-11D5-8725-0050DA2761C4} =>  -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.bat: batfile =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.cmd:  =>  <==== ATTENTION
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.com:  =>  <==== ATTENTION
StandardProfile\AuthorizedApplications: [C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe] => Enabled:SP_FF
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL" => removed successfully.
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eeb5217-a8ff-11dd-afd0-00038a000015} => removed successfully.
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d074ff8d-1bae-11de-8283-00038a000015} => removed successfully.
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0750133-1bae-11de-8283-00038a000015} => removed successfully.
HKLM\Software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} => removed successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => moved successfully
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FF3EE1D4-15AF-43CE-B5E6-9F8072460E6B} => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" => removed successfully.
"HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" => removed successfully.
"HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE} => removed successfully.
HKLM\Software\Classes\CLSID\{1F2F4C9E-6F09-47BC-970D-3C54734667FE} => removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3451DEDE-631F-421C-8127-FD793AFC6CC8} => removed successfully.
HKLM\Software\Classes\CLSID\{3451DEDE-631F-421C-8127-FD793AFC6CC8} => removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990200-3C9D-426D-81DF-AAB636FA4345} => removed successfully.
HKLM\Software\Classes\CLSID\{44990200-3C9D-426D-81DF-AAB636FA4345} => removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345} => removed successfully.
HKLM\Software\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345} => removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => removed successfully.
HKLM\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} => removed successfully.
HKLM\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} => removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} => removed successfully.
HKLM\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} => removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => removed successfully.
HKLM\Software\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => removed successfully.
"HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc." => not found
C:\Program Files\Yahoo!\Common\npyaxmpb.dll => moved successfully
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\MozillaPlugins\@adobe.com/FlashPlayer => removed successfully.
"C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" => not found
HKLM\System\CurrentControlSet\Services\BCM43XX => removed successfully.
BCM43XX => service removed successfully.
HKLM\System\CurrentControlSet\Services\nmwcdnsu => removed successfully.
nmwcdnsu => service removed successfully.
HKLM\System\CurrentControlSet\Services\nmwcdnsuc => removed successfully.
nmwcdnsuc => service removed successfully.
HKLM\System\CurrentControlSet\Services\RemoteRegistry => removed successfully.
RemoteRegistry => service removed successfully.
HKLM\System\CurrentControlSet\Services\TlntSvr => removed successfully.
TlntSvr => service removed successfully.
HKLM\System\CurrentControlSet\Services\upperdev => removed successfully.
upperdev => service removed successfully.
C:\Documents and Settings\All Users\Application Data\ProductData => moved successfully
C:\Documents and Settings\All Users\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A} => moved successfully
C:\Program Files\Common Files\IObit => moved successfully
C:\WINDOWS\Tasks\ImCleanDisabled => moved successfully
C:\Documents and Settings\Susan Bailey\AppData\LocalLow\IObit => moved successfully
"C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job" => not found
"C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job" => not found
C:\Program Files\IObit => moved successfully
C:\Documents and Settings\All Users\Application Data\IObit => moved successfully
C:\Documents and Settings\Susan Bailey\Application Data\IObit => moved successfully
C:\Program Files\instmsia.exe => moved successfully
C:\Program Files\instmsiw.exe => moved successfully
C:\Program Files\openofficeorg1.cab => moved successfully
C:\Program Files\openofficeorg30.msi => moved successfully
C:\Program Files\setup.ini => moved successfully
C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\housecall.guid.cache => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\\SystemComponent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\FileTerminator => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IMMenuShellExt => removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => removed successfully.
HKLM\Software\Classes\batfile\DefaultIcon\\"Default"="%SystemRoot%\System32\shell32.dll,-153" => value restored successfully
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.reg => removed successfully.
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.bat => removed successfully.
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.cmd => removed successfully.
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Classes\.com => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe" => removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10365 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 51053 B
Java, Flash, Steam htmlcache => 470 B
Windows/system/dllcache/drivers => 62082480 B
Edge => 0 B
Chrome => 0 B
Firefox => 74648421 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 49958 B
All Users => 49958 B
systemprofile => 146392506 B
LocalService => 146475054 B
NetworkService => 146557602 B
Susan Bailey => 248355036 B

RecycleBin => 76464764 B
EmptyTemp: => 859.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:32:02 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-03-2020
Ran by Susan Bailey (administrator) on SNNECCI (NEC Computers International PB EASYNOTE) (22-03-2020 15:21:34)
Running from C:\Documents and Settings\Susan Bailey\Desktop\New Folder
Loaded Profiles: Susan Bailey (Available Profiles: Susan Bailey)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(BillP Studios -> BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\alg.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Silicon Integrated Systems Corporation) [File not signed] C:\WINDOWS\system32\sistray.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [230976 2006-06-28] (BillP Studios -> BillP Studios)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -> C:\WINDOWS\system32\ieudinit.exe [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2007-06-26] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{5945c046-1e7d-11d1-bc44-00c04fd912be}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{c6dc5466-785a-11d2-84d0-00c04fb169f7}] -> appmgmts.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk [2010-03-27]
ShortcutTarget: Utility Tray.lnk -> C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation) [File not signed]
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologies00
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Low Battery Alarm Program.job => Fv Susan Bailey
Task: C:\WINDOWS\Tasks\Registration reminder 2.job => C:\WINDOWS\System32\OOBE\oobebaln.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9B28CDC3-FD26-469C-BF68-25E03755861C}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ntlworld.com
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
SearchScopes: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2020-03-18] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2020-03-18] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-1391219076-2454486130-4279418029-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2020-03-18] (Google Inc -> Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198058148886
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} hxxp://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) [File not signed]
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) [File not signed]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies SA -> Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\81603wpo.default [2020-03-22]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Susan Bailey\Application Data\Mozilla\Firefox\Profiles\81603wpo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2020-03-19] [Legacy] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-11] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-19] (Adobe Inc. -> ) [File not signed]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2012-11-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2012-11-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2012-11-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2012-11-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-19] (Adobe Inc. -> Adobe) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4107808 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [591256 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2010-01-25] (Adobe Systems Incorporated -> NOS Microsystems Ltd.)
S3 jswpsapi; C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe [360529 2009-11-05] (Atheros Communications, Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.) [File not signed]
S3 SwPrv; C:\WINDOWS\System32\dllhost.exe /Processid:{6B1C53D3-3752-41EB-8F0A-7DB80BFD7AA4} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [5228896 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 WDCS_WNDA3200; C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R0 AliIde; C:\WINDOWS\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Microsoft Windows Component Publisher -> Acer Laboratories Inc.)
R0 amdagp; C:\WINDOWS\System32\DRIVERS\amdagp.sys [43008 2008-04-13] (Microsoft Windows Component Publisher -> Advanced Micro Devices, Inc.)
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 Asapi; C:\Windows\System32\Drivers\Asapi.sys [11264 2002-08-06] (VOB Computersysteme GmbH) [File not signed]
R0 asc; C:\WINDOWS\System32\DRIVERS\asc.sys [26496 2001-08-17] (Microsoft Windows Component Publisher -> Advanced System Products, Inc.)
R0 asc3550; C:\WINDOWS\System32\DRIVERS\asc3550.sys [14848 2001-08-17] (Microsoft Windows Component Publisher -> Advanced System Products, Inc.)
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2004-07-10] (Windows ® 2000 DDK provider) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-03-23] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [220920 2017-09-04] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 CmdIde; C:\WINDOWS\System32\DRIVERS\cmdide.sys [6656 2001-08-17] (Microsoft Windows Component Publisher -> CMD Technology, Inc.)
R0 dac2w2k; C:\WINDOWS\System32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Microsoft Windows Component Publisher -> Mylex Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [128736 2018-04-26] (Malwarebytes Corporation -> Malwarebytes)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 INQ1usbser; C:\WINDOWS\System32\DRIVERS\INQ1usbser.sys [103680 2008-03-20] (Microsoft Windows Hardware Compatibility Publisher -> AMOI Incorporated)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2008-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [148600 2020-03-21] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40160 2020-03-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2020-03-22] (Malwarebytes Corporation -> Malwarebytes)
R1 moufiltr; C:\Windows\System32\Drivers\moufiltr.sys [9548 2003-01-23] (Windows ® 2000 DDK provider) [File not signed]
R0 mraid35x; C:\WINDOWS\System32\DRIVERS\mraid35x.sys [17280 2001-08-17] (Microsoft Windows Component Publisher -> American Megatrends Inc.)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [226288 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1299976 2003-11-04] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [180368 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-04] (Microsoft Windows Component Publisher -> NVIDIA Corporation)
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Microsoft Windows Component Publisher -> Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17232 2003-08-27] (Sonic Solutions) [File not signed]
R0 ql1080; C:\WINDOWS\System32\DRIVERS\ql1080.sys [40320 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
R0 ql12160; C:\WINDOWS\System32\DRIVERS\ql12160.sys [45312 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
R0 ql1280; C:\WINDOWS\System32\DRIVERS\ql1280.sys [49024 2001-08-17] (Microsoft Windows Component Publisher -> QLogic Corporation)
R0 RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [14160 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [436608 2004-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Integrated Systems Corporation)
R0 sisagp; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [36992 2003-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\drivers\srvkp.sys [11648 2004-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Integrated Systems Corporation)
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32256 2002-07-10] (Microsoft Windows Hardware Compatibility Publisher -> SiS Corporation)
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [566256 2003-11-09] (Microsoft Windows Hardware Compatibility Publisher ->  )
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [87656 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [15712 2003-10-29] (Microsoft Windows Hardware Compatibility Publisher ->  )
R0 Sparrow; C:\WINDOWS\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Microsoft Windows Component Publisher -> Adaptec, Inc.)
R0 symc810; C:\WINDOWS\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Microsoft Windows Component Publisher -> Symbios Logic Inc.)
R0 symc8xx; C:\WINDOWS\System32\DRIVERS\symc8xx.sys [32640 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
R0 sym_hi; C:\WINDOWS\System32\DRIVERS\sym_hi.sys [28384 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
R0 sym_u3; C:\WINDOWS\System32\DRIVERS\sym_u3.sys [30688 2001-08-17] (Microsoft Windows Component Publisher -> LSI Logic)
R3 SynTP; C:\WINDOWS\System32\DRIVERS\SynTP.sys [180064 2004-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics, Inc.)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Netherlands B.V.)
R0 ultra; C:\WINDOWS\System32\DRIVERS\ultra.sys [36736 2001-08-17] (Microsoft Windows Component Publisher -> Promise Technology, Inc.)
R1 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [6144 2003-02-19] (Waytech Development, Inc.) [File not signed]
R3 VIAudio; C:\WINDOWS\System32\drivers\viaudios.sys [115840 2004-02-11] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (Microsoft Windows Hardware Compatibility Publisher -> America Online, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2008-10-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-22 15:07 - 2020-03-22 15:07 - 000040160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-03-22 15:03 - 2020-03-22 15:01 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2020-03-22 13:15 - 2020-03-22 13:32 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Desktop\New Folder
2020-03-22 13:15 - 2020-03-22 13:15 - 000000058 _____ C:\Documents and Settings\Susan Bailey\Desktop\New Wave Sound.wav
2020-03-22 12:59 - 2020-03-22 12:59 - 000041198 _____ C:\Documents and Settings\Susan Bailey\Desktop\Addition.txt
2020-03-21 20:48 - 2020-03-22 15:22 - 000000000 ____D C:\FRST
2020-03-21 17:38 - 2020-03-21 17:38 - 000009618 _____ C:\Documents and Settings\Susan Bailey\Desktop\malwarebytesScan.txt
2020-03-21 15:54 - 2020-03-21 15:54 - 000148600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2020-03-21 15:52 - 2020-03-21 15:52 - 000001718 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2020-03-21 15:52 - 2020-03-21 15:52 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2020-03-21 15:52 - 2018-04-26 05:36 - 000128736 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2020-03-21 15:51 - 2020-03-21 15:51 - 000000000 ____D C:\Program Files\Malwarebytes
2020-03-21 15:51 - 2020-03-21 15:51 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2020-03-21 15:45 - 2020-03-21 15:47 - 076534856 _____ (Malwarebytes ) C:\Documents and Settings\Susan Bailey\Desktop\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe
2020-03-21 02:36 - 2020-03-21 02:36 - 000008658 _____ C:\Documents and Settings\Susan Bailey\Desktop\AdwCleaner[C0].txt
2020-03-21 02:07 - 2020-03-21 02:27 - 000000000 ____D C:\AdwCleaner
2020-03-21 02:03 - 2020-03-21 02:03 - 004110280 _____ C:\Documents and Settings\Susan Bailey\Desktop\adwcleaner_6.047.exe
2020-03-19 19:54 - 2020-03-19 19:54 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2020-03-19 00:12 - 2020-03-19 00:12 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\Apple Computer
2020-03-18 23:23 - 2020-03-18 23:23 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
2020-03-18 23:23 - 2019-01-10 13:07 - 000039776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2020-03-18 20:40 - 2020-03-18 20:40 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\AVG
2020-03-18 20:27 - 2020-03-18 20:27 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Application Data\TuneUp Software
2020-03-18 20:27 - 2020-03-18 20:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2020-03-18 20:26 - 2020-03-18 20:26 - 000001457 _____ C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
2020-03-18 20:05 - 2020-03-22 14:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2020-03-18 20:05 - 2020-03-18 20:05 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\MFAData
2020-03-18 19:42 - 2020-03-19 12:19 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\AvgSetupLog
2020-03-18 17:55 - 2020-03-19 00:54 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Avg
2020-03-18 17:55 - 2020-03-18 17:55 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\CEF
2020-03-18 17:54 - 2020-03-18 17:54 - 000000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2020-03-18 17:54 - 2020-03-18 17:54 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2020-03-18 17:51 - 2020-03-22 14:55 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2020-03-18 17:49 - 2020-03-18 23:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2020-03-18 14:33 - 2013-07-03 02:12 - 000025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2020-03-18 14:31 - 2013-07-17 00:58 - 000123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2020-03-18 14:30 - 2014-02-26 01:59 - 000013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2020-03-18 14:30 - 2014-02-26 01:59 - 000013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2020-03-18 14:30 - 2013-08-09 00:55 - 000144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2020-03-18 14:30 - 2013-08-09 00:55 - 000005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2020-03-18 14:30 - 2009-03-18 11:02 - 000030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2020-03-18 13:37 - 2020-03-22 14:51 - 000032598 _____ C:\WINDOWS\SchedLgU.Txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-22 15:31 - 2004-10-22 17:12 - 000000000 ____D C:\Documents and Settings\Susan Bailey\Local Settings\Temp
2020-03-22 14:58 - 2010-02-12 01:52 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2020-03-22 14:54 - 2010-02-12 01:52 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2020-03-22 14:53 - 2002-09-19 19:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-03-22 14:50 - 2004-10-22 17:12 - 000000178 ___SH C:\Documents and Settings\Susan Bailey\ntuser.ini
2020-03-22 14:49 - 2013-08-31 19:07 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2020-03-22 14:49 - 2004-10-29 23:47 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy
2020-03-22 14:49 - 2004-10-29 23:47 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2020-03-22 14:42 - 2008-10-15 00:23 - 000000000 ____D C:\Program Files\Java
2020-03-22 14:13 - 2012-11-10 20:17 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
2020-03-22 13:55 - 2007-05-31 23:36 - 000000000 ____D C:\Program Files\Lavasoft
2020-03-22 13:54 - 2008-03-12 23:12 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2020-03-22 08:13 - 2010-07-26 16:43 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
2020-03-22 02:13 - 2012-11-08 08:15 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
2020-03-21 20:13 - 2010-08-13 19:42 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
2020-03-21 16:13 - 2002-09-19 19:53 - 000000000 __SHD C:\Documents and Settings\LocalService
2020-03-20 02:13 - 2013-08-31 19:41 - 000000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2020-03-19 19:53 - 2013-08-31 19:07 - 000842296 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerApp.exe
2020-03-19 19:53 - 2012-11-03 22:17 - 000175160 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2020-03-19 19:51 - 2002-09-19 19:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-03-19 11:58 - 2004-10-26 20:29 - 000000000 __SHD C:\Documents and Settings\Susan Bailey\UserData
2020-03-19 11:58 - 2004-10-22 17:12 - 000000000 ____D C:\Documents and Settings\Susan Bailey
2020-03-18 23:11 - 2008-06-09 02:14 - 000000000 ____D C:\Program Files\AVG
2020-03-18 21:31 - 2004-10-22 17:12 - 000001602 _____ C:\Documents and Settings\Susan Bailey\Start Menu\Programs\Remote Assistance.lnk
2020-03-18 20:26 - 2002-09-19 19:34 - 000000000 ___HD C:\WINDOWS\inf
2020-03-18 20:22 - 2012-11-29 15:35 - 000000000 ____D C:\Documents and Settings\All Users\eBay
2020-03-18 19:51 - 2010-02-01 23:51 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\avg9
2020-03-18 18:06 - 2002-09-19 19:36 - 000251088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-18 15:30 - 2002-09-19 19:34 - 000000000 ____D C:\WINDOWS\system32\dllcache
2020-03-18 15:27 - 2002-09-19 19:37 - 000489288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-18 13:06 - 2008-04-15 15:15 - 000000000 ____D C:\Documents and Settings\Susan Bailey\My Documents\MyBackups
2020-03-18 12:45 - 2002-09-19 19:26 - 000001170 _____ C:\WINDOWS\system32\wpa.dbl
2020-03-18 12:40 - 2007-05-31 22:59 - 000000000 ____D C:\Program Files\Google
2020-03-18 12:32 - 2010-02-13 02:17 - 000000000 ____D C:\Documents and Settings\Susan Bailey\My Documents\Arri Excel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-03-2020
Ran by Susan Bailey (22-03-2020 15:33:19)
Running from C:\Documents and Settings\Susan Bailey\Desktop\New Folder
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2004-10-21 15:06:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1391219076-2454486130-4279418029-500 - Administrator - Enabled)
Guest (S-1-5-21-1391219076-2454486130-4279418029-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1391219076-2454486130-4279418029-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1391219076-2454486130-4279418029-1002 - Limited - Disabled)
Susan Bailey (S-1-5-21-1391219076-2454486130-4279418029-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Susan Bailey

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG Internet Security (Enabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.60 - NOS Microsystems Ltd.)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AVG (HKLM\...\{AE3C6D0D-A06B-4789-9089-5FC8E46CE114}) (Version: 16.161.8048 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.116.3.1052 - AVG Technologies)
AVG 2016 (HKLM\...\{BEE08A84-BB55-4307-AC14-E579F5C4D100}) (Version: 16.0.4793 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\{29BA5B43-1BFC-468D-8C8D-4DAC29524387}) (Version: 16.80.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.80.3.38236 - AVG Technologies)
AVG Protection (HKLM\...\AVG) (Version: 16.161.8048 - AVG Technologies)
AVG Zen (HKLM\...\{3D8C5CBA-DDCF-44CE-AD7D-B0AEF74E989E}) (Version: 1.116.2 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
Eraser (HKLM\...\{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}) (Version: 5.86 - Heidi Computers Ltd.) Hidden
Eraser (HKLM\...\Eraser) (Version:  - Heidi Computers Ltd.)
FMW 1 (HKLM\...\{A2B92392-DC17-416B-88F6-A6A55E053E32}) (Version: 1.143.3 - AVG Technologies) Hidden
GIMP 2.6.7 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC)
IncrediMail Xe (HKLM\...\IncrediMail) (Version:  - )
INQ1 Modem (HKLM\...\{65F6D129-8EB6-4DC1-A5C0-E5EB1C6755AB}) (Version: 1.10.0000 - amoi)
Labtec Mouse Software 2.0 (HKLM\...\{77E6239B-BF3B-496B-9634-2AC9589B61BB}) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MetaTrader 4.00 (HKLM\...\{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.7 (HKLM\...\Wudf01007) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox (3.6.28) (HKLM\...\Mozilla Firefox (3.6.28)) (Version: 3.6.28 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NETGEAR WNDA3200 wireless adapter Setup (HKLM\...\{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1) (Version: 1.0.0.11 - NETGEAR)
OpenOffice.org 3.0 (HKLM\...\{F44DA61E-720D-4E79-871F-F6E628B33242}) (Version: 3.0.9358 - OpenOffice.org)
Packard Bell Companion (HKLM\...\{09B44E78-A988-4BC0-962F-63ECD3333708}) (Version: 1.1.5.1 - Packard Bell) Hidden
PC Connectivity Solution (HKLM\...\{0C973594-7DDF-4BD0-84ED-3517F7622037}) (Version: 9.23.3.0 - Nokia)
Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)
SiS 900 PCI Fast Ethernet Adapter Driver (HKLM\...\SiSLan) (Version:  - )
SiS VGA Utilities (HKLM\...\SiS VGA Utilities) (Version:  - )
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Smart Defrag (HKLM\...\Smart Defrag_is1) (Version: 1.3.0 - IObit)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.7.0 - Sonic Solutions)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.41.1000 - SUPERAntiSpyware.com)
Turbo Lister 2 (HKLM\...\InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}) (Version: 2.0.0 - eBay)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoipCheap (HKLM\...\VoipCheap_is1) (Version: 2.09 build 321 - Finarea S.A. Switzerland)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\...\WinDirStat) (Version:  - )
Windows Driver Package - Amoi Incorporated (INQ1usbser) Modem  (01/01/2007 2.0.5.0) (HKLM\...\75F6C4F084A18C2A71179397570DD3BE34BA2679) (Version: 01/01/2007 2.0.5.0 - Amoi Incorporated)
Windows Driver Package - Amoi Incorporated (INQ1usbser) Ports  (01/01/2007 2.0.5.0) (HKLM\...\3448AA55E35CFBCE2DBCEED25E4046660049CDBD) (Version: 01/01/2007 2.0.5.0 - Amoi Incorporated)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0532.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\WinPatrol) (Version:  - )
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 11.0.768.000 - Check Point)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Windows Component Publisher -> Microsoft Corporation)
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2007-12-22] (Heidi Computers Ltd -> -)
ContextMenuHandlers2: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2007-12-22] (Heidi Computers Ltd -> -)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\AVG\AVG PC TuneUp\DseShExt-x86.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\system32\erasext.dll [2007-12-22] (Heidi Computers Ltd -> -)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2002-08-29] (Microsoft Windows Component Publisher -> DSP GROUP, INC.)
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2002-08-29] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2002-08-29] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2002-08-29] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2009-09-01] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [vidc.iv41] => C:\WINDOWS\system32\ir41_32.ax [848384 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\WINDOWS\system32\iac25_32.ax [199680 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\system32\ir50_32.dll [755200 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']
Shortcut: C:\Documents and Settings\Susan Bailey\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) =============

2003-11-06 05:00 - 2003-11-06 05:00 - 000073728 _____ () [File not signed] c:\Apps\RecordNow\shlext.dll
2020-03-18 17:50 - 2020-03-18 17:50 - 048920064 _____ () [File not signed] C:\Program Files\AVG\UiDll\2623\libcef.dll
2009-11-15 18:42 - 2004-06-15 07:00 - 000116736 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\CNMLM61.DLL
2009-11-15 18:42 - 2004-06-15 07:00 - 000017920 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD61.DLL
2020-03-21 15:52 - 2018-05-01 11:10 - 001137152 _____ (Igor Pavlov) [File not signed] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll
2002-01-05 02:37 - 2002-01-05 02:37 - 000344064 _____ (Microsoft Corporation) [File not signed] c:\Apps\RecordNow\MSVCR70.dll
2004-01-29 14:08 - 2004-01-29 14:08 - 001277952 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
2004-01-29 14:08 - 2004-01-29 14:08 - 000086016 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMWS.DLL
2011-05-13 20:04 - 2011-05-13 20:04 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL
2011-05-13 19:45 - 2011-05-13 19:45 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL
2004-07-10 10:54 - 2004-02-27 03:04 - 000176128 ____N (Silicon Integrated Systems Corporation) [File not signed] C:\WINDOWS\system32\SiSApCom.dll
2008-07-29 14:43 - 2008-07-29 14:43 - 000596480 _____ (STLport Consulting, Inc.) [File not signed] C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll
2008-08-28 14:56 - 2008-08-28 14:56 - 000357888 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
2007-02-27 19:39 - 2007-02-27 19:39 - 000061440 _____ (SUPERAntiSpyware.com) [File not signed] C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
2009-09-03 22:21 - 2009-09-03 22:21 - 000548352 _____ (SUPERAntiSpyware.com) [File not signed] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
2020-03-21 15:51 - 2018-01-18 16:15 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000031232 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
2020-03-21 15:51 - 2018-01-18 16:15 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2020-03-21 15:51 - 2018-01-18 16:15 - 000242688 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000018944 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000318976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000017920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
2020-03-21 15:51 - 2018-01-18 16:15 - 000993792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2020-03-21 15:51 - 2018-05-09 09:35 - 004809728 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2020-03-21 15:51 - 2018-01-18 16:12 - 005100032 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2020-03-21 15:51 - 2018-01-18 16:10 - 002012672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2020-03-21 15:51 - 2018-01-18 16:18 - 002522112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2020-03-21 15:51 - 2018-01-18 16:20 - 002570752 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2020-03-21 15:51 - 2018-01-18 16:16 - 000247808 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2020-03-21 15:51 - 2018-01-18 16:14 - 004482048 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2020-03-21 15:51 - 2018-01-18 16:24 - 000206336 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2020-03-21 15:51 - 2018-01-18 16:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2020-03-21 15:51 - 2018-01-18 16:22 - 000013824 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2020-03-21 15:51 - 2018-01-18 16:27 - 000698368 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-03-21 15:51 - 2018-01-18 16:27 - 000173056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2020-03-21 15:51 - 2018-01-18 16:26 - 000069632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-03-21 15:51 - 2018-01-18 16:27 - 000097280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2020-03-21 15:51 - 2018-01-18 16:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [119]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 5356 more sites.

There are 2043 more sites.

There are 2043 more sites.

There are 5613 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-09-19 19:26 - 2008-06-06 17:25 - 000249518 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

There are 8693 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\TVNAVI~1;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\WINDOWS\system32\WindowsPowerShell\v1.0
HKU\S-1-5-21-1391219076-2454486130-4279418029-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Susan Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: SiSUSBRG => C:\WINDOWS\SiSUSBrg.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\msnmsgr.exe] => Enabled:MSN Messenger 7.5
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\bin\IncMail.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\bin\IMApp.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\VoipCheap\VoipCheap.exe] => Enabled:VoipCheap
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ZoneLabs\vsmon.exe] => Enabled:vsmon
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

19-03-2020 20:36:55 System Checkpoint
20-03-2020 20:41:54 System Checkpoint
21-03-2020 21:42:25 System Checkpoint
22-03-2020 14:30:20 Removed Google Update Helper
22-03-2020 14:33:10 Removed Java™ 6 Update 13
22-03-2020 14:41:41 Removed Java™ 6 Update 7

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/22/2020 03:24:26 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/22/2020 03:24:26 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/22/2020 03:24:16 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/22/2020 03:24:15 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/22/2020 03:24:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/22/2020 03:24:04 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/22/2020 03:23:55 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.

Error: (03/22/2020 03:23:54 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: Invalid algorithm specified.


System errors:
=============
Error: (03/22/2020 02:56:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (03/22/2020 02:56:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/22/2020 02:20:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (03/22/2020 02:20:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/22/2020 02:01:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/22/2020 02:01:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (03/22/2020 02:01:45 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053 = The service did not respond to the start or control request in a timely fashion." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (03/22/2020 01:40:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.


==================== Memory info ===========================

BIOS: Insyde Software INSYDE - 1 09/02/2002
Motherboard: NEC Computers International Titan N
Processor:  Intel® Celeron® CPU 2.80GHz
Percentage of memory in use: 84%
Total physical RAM: 703.48 MB
Available physical RAM: 109.06 MB
Total Virtual: 2420.89 MB
Available Virtual: 464.38 MB

==================== Drives ================================

Drive c: (HDD) (Fixed) (Total:33.25 GB) (Free:17.91 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 37.3 GB) (Disk ID: E02AE02A)
Partition 1: (Not Active) - (Size=4 GB) - (Type=1B)
Partition 2: (Active) - (Size=33.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

 

Regards

Christopher



#15 Christopher_35


Posted 24 March 2020 - 11:04 AM

As an update, there is no difference in performance at the moment.

 

Regards

Christopher

