Blank screen with cursor at startup


This topic is locked
17 replies to this topic

#1 Dreamchaser_jc
Posted 07 December 2017 - 12:35 AM

Hello BC,

I'm sending this on another computer. A PC at the office now couldn't load to the desktop. There are infections that keep coming back, as shown by the active AV. As of yesterday, I no longer have access to that PC except in Safe Mode. Tinkering with services in msconfig didn't help. Things were back to normal once I uninstalled the AV (initially done simply to install the newest version, but, for another post at another time, the latest versions won't install on the old OS). I just got to the office here and inherited the PC for work. I have some rusty knowledge of malware security and reading HJT logs, and I recognize some rogue entries from FRST, but I'll leave it to the experts here.

Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2017
Ran by Administrator (administrator) on SEROLOGI-EVOLIS (07-12-2017 13:00:40)
Running from C:\
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [839680 2007-04-27] (Analog Devices, Inc.)
HKLM\...\Run: [SetRefresh] => C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-21] (Hewlett-Packard Company)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [127036 2006-10-08] (Sonic Solutions)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [408344 2007-06-07] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {169bfb52-4053-11e3-875c-002264b1b1c8} - F:\urDrive.exe
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {2e35cf2f-4c0c-11e3-875e-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {6a0ada95-f5f2-11e1-8713-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {a0b4de66-3e68-11e0-8712-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {bc1a8dfa-fc3f-11e4-87bc-002264b1b1c8} - E:\ActivationTool.exe -p "Q-Capture Pro 7" -i "C:\ProgramData\QImaging, Inc.\Q-Capture Pro 7" -u "hxxp://www.qimaging.com/activate/qcapturepro.php" -e "techsupport@mediacy.com"
HKLM\...\Providers\NetWare or Compatible Network: C:\WINDOWS\system32\nwprovau.dll [142336 2006-10-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{CD2D6734-CB43-4E34-8FC4-FBB958C307A9}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKU\S-1-5-21-2867267751-978417955-3886269406-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKU\S-1-5-21-2867267751-978417955-3886269406-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2867267751-978417955-3886269406-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
URLSearchHook: HKU\S-1-5-21-2867267751-978417955-3886269406-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {12AE554B-98BB-423A-B867-DE329819F10B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
SearchScopes: HKLM -> {12AE554B-98BB-423A-B867-DE329819F10B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
SearchScopes: HKU\S-1-5-21-2867267751-978417955-3886269406-500 -> DefaultScope {12AE554B-98BB-423A-B867-DE329819F10B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
SearchScopes: HKU\S-1-5-21-2867267751-978417955-3886269406-500 -> {12AE554B-98BB-423A-B867-DE329819F10B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-10-08] (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-28] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-28] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u2ycglyp.default [2017-12-06]
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u2ycglyp.default -> hxxp://sppa-selatan.moh.gov.my/
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u2ycglyp.default -> type", 0
FF Extension: (Greasemonkey) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u2ycglyp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-04] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-01] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Guest Profile [2015-01-11]
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1 [2017-12-07]
CHR Extension: (Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-12]
CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-12]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-12]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"ekpzvt" => service was unlocked. <==== ATTENTION
 
S2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [183064 2007-06-07] (Intel Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-28] (Oracle Corporation)
S2 LMS; C:\Program Files\Intel\AMT\LMS.exe [109336 2007-06-07] (Intel)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [174032 2017-10-01] (Mozilla Foundation) [File not signed]
S3 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2006-10-13] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2521880 2007-06-07] (Intel)
S2 ekpzvt; C:\WINDOWS\system32\ackkwo.dll [X]
S2 mhfhwzz; C:\WINDOWS\system32\ackkwo.dll [X]
S4 uvmzv; C:\WINDOWS\system32\ydewf.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-09] (Adaptec, Inc.) [File not signed]
S2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [86016 2017-07-27] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
S1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [26044 2006-10-08] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2006-03-17] (Sonic Solutions) [File not signed]
S2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-10-08] (Sonic Solutions) [File not signed]
S2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [87004 2006-10-08] (Sonic Solutions) [File not signed]
S2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [15068 2006-10-08] (Sonic Solutions) [File not signed]
S2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-10-08] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2006-03-17] (Sonic Solutions) [File not signed]
S2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94460 2006-10-08] (Sonic Solutions) [File not signed]
S2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [88476 2006-10-08] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89456 2006-08-18] (Sonic Solutions) [File not signed]
S2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2006-03-17] (Sonic Solutions) [File not signed]
S3 ggsomc; C:\WINDOWS\System32\DRIVERS\ggsomc.sys [26328 2014-08-22] (Sony Mobile Communications)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-09] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-09] (HP)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel® Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2004-08-04] (Intel® Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2004-08-04] (Intel® Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2004-08-04] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel® Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2004-08-04] (Intel® Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2004-08-04] (Intel® Corporation)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-18] (Infineon Technologies AG)
S2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88448 2006-02-28] (Microsoft Corporation)
S2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-02-28] (Microsoft Corporation)
S2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-02-28] (Microsoft Corporation)
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2006-10-13] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42496 2006-02-28] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) [File not signed]
S3 ouskcyyg; \??\C:\WINDOWS\system32\0F.tmp [X]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: uvmzv -> C:\WINDOWS\system32\ydewf.dll ==> No File
NETSVC: mhfhwzz -> C:\WINDOWS\system32\ackkwo.dll ==> No File
NETSVC: ekpzvt -> C:\WINDOWS\system32\ackkwo.dll ==> No File
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-07 13:00 - 2017-12-07 13:01 - 000018349 _____ C:\FRST.txt
2017-12-07 13:00 - 2017-12-07 13:00 - 001751040 _____ (Farbar) C:\FRST.exe
2017-12-07 13:00 - 2017-12-07 13:00 - 000000000 ____D C:\FRST
2017-12-07 12:27 - 2017-12-07 12:27 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2017-12-07 12:27 - 2017-12-07 12:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
2017-12-07 12:26 - 2017-12-07 12:49 - 000000330 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-12-07 12:26 - 2017-12-07 12:26 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-07 12:26 - 2013-08-30 15:48 - 000770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-12-07 12:26 - 2013-08-30 15:48 - 000369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-12-07 12:26 - 2013-08-30 15:48 - 000177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-12-07 12:26 - 2013-08-30 15:48 - 000066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-12-07 12:26 - 2013-08-30 15:48 - 000056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2017-12-07 12:26 - 2013-08-30 15:48 - 000049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-12-07 12:26 - 2013-08-30 15:48 - 000049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-12-07 12:26 - 2013-08-30 15:48 - 000029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2017-12-07 12:26 - 2013-08-30 15:47 - 000229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-07 12:26 - 2013-08-30 15:47 - 000041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2017-12-06 12:34 - 2017-12-06 12:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\avastSWCUTemp
2017-12-06 11:35 - 2017-12-06 11:35 - 000000000 __SHD C:\WINDOWS\CSC
2017-12-04 08:07 - 2017-12-04 08:07 - 000106496 _____ C:\WINDOWS\Minidump\Mini120417-01.dmp
2017-11-29 11:40 - 2017-11-29 11:40 - 000001689 _____ C:\Documents and Settings\Administrator\Start Menu\Avast Free Antivirus.lnk
2017-11-28 08:30 - 2017-11-28 08:30 - 000144102 _____ C:\Documents and Settings\Administrator\Desktop\verifikasi stor 2017 SERO(ROHAYA) new.zip
2017-11-22 09:48 - 2017-11-22 09:48 - 000000000 _____ C:\Program Files\moz_update_in_progress.lock
2017-11-16 11:23 - 2017-12-06 12:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-15 16:56 - 2017-11-16 10:22 - 000000000 ___SD C:\Documents and Settings\TEMP.NT AUTHORITY
2017-11-15 16:56 - 2017-11-15 16:56 - 000000000 ____D C:\Documents and Settings\TEMP.NT AUTHORITY\Local Settings\Temp
2017-11-15 16:56 - 2017-11-15 16:56 - 000000000 ____D C:\Documents and Settings\TEMP.NT AUTHORITY\Application Data\Infineon
2017-11-15 16:55 - 2017-11-16 10:22 - 000000000 ___SD C:\Documents and Settings\TEMP
2017-11-15 16:55 - 2017-11-15 16:55 - 000000000 ____D C:\Documents and Settings\TEMP\Application Data\Infineon
2017-11-12 08:07 - 2017-11-12 08:07 - 000070127 _____ C:\Documents and Settings\Administrator\Desktop\BORANG_KEW_PS-10.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-07 13:01 - 2008-08-14 04:52 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2017-12-07 12:57 - 2013-07-25 08:28 - 000684328 ____C C:\WINDOWS\ntbtlog.txt
2017-12-07 12:49 - 2006-04-26 02:05 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-12-07 12:49 - 2006-04-26 02:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-07 12:26 - 2013-07-24 17:10 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-12-07 12:26 - 2006-04-26 01:32 - 000002577 _____ C:\WINDOWS\system32\CONFIG.NT
2017-12-07 11:23 - 2006-04-26 02:05 - 000032522 _____ C:\WINDOWS\SchedLgU.Txt
2017-12-07 11:22 - 2014-03-14 14:36 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-07 11:17 - 2016-10-03 08:29 - 000000480 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1475454543.job
2017-12-07 11:17 - 2014-03-14 14:36 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-12-07 10:55 - 2008-08-14 04:52 - 000000000 ____D C:\Documents and Settings\Administrator
2017-12-07 10:54 - 2006-04-26 01:32 - 000000498 _____ C:\WINDOWS\win.ini
2017-12-07 10:54 - 2006-04-26 01:24 - 000000211 __RSH C:\boot.ini
2017-12-07 10:54 - 2006-04-25 18:19 - 000000246 _____ C:\WINDOWS\system.ini
2017-12-07 10:30 - 2017-01-31 08:29 - 000000000 ____D C:\Documents and Settings\Administrator\Desktop\WAN
2017-12-07 08:57 - 2017-02-19 11:34 - 000589824 _____ C:\Documents and Settings\Administrator\Desktop\verifikasi stor 2017 SERO(ROHAYA) new.xls
2017-12-07 08:52 - 2015-11-18 18:52 - 000000000 ____D C:\Documents and Settings\Administrator\Desktop\ROHAYAH
2017-12-07 08:48 - 2017-08-08 15:34 - 000201216 _____ C:\Documents and Settings\Administrator\Desktop\STOK SEMASA SERO.xls
2017-12-06 11:40 - 2016-10-23 15:57 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-06 11:24 - 2008-08-20 23:04 - 000000000 __HDC C:\WINDOWS\$NtUninstallKB920670$
2017-12-05 16:44 - 2016-08-21 08:54 - 000000000 ____D C:\Documents and Settings\Administrator\Desktop\REKOD LATIHAN STAFF
2017-12-04 08:12 - 2006-04-26 01:43 - 000465894 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-04 08:08 - 2016-06-18 13:14 - 000000000 ____D C:\Program Files\TeamViewer
2017-12-04 08:07 - 2015-07-09 19:55 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-21 12:04 - 2016-05-03 16:12 - 000000000 ____D C:\BFMP 2016
2017-11-19 10:23 - 2006-04-26 01:59 - 000001158 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-16 10:22 - 2008-08-14 04:52 - 000000000 ____D C:\WINDOWS\Registration
2017-11-16 10:21 - 2008-08-14 04:52 - 000000000 ____D C:\Documents and Settings
2017-11-16 10:19 - 2006-04-26 01:41 - 000002213 ____C C:\WINDOWS\OEWABLog.txt
2017-11-15 10:32 - 2014-11-26 15:17 - 000091507 _____ C:\Documents and Settings\Administrator\Desktop\kew.psi hsni 2017.xlsx
2017-11-14 10:05 - 2013-04-26 10:16 - 000002449 _____ C:\Documents and Settings\All Users\Start Menu\New Microsoft Office Document.lnk
 
==================== Files in the root of some directories =======
 
2017-11-22 09:48 - 2017-11-22 09:48 - 000000000 _____ () C:\Program Files\moz_update_in_progress.lock
2017-02-16 15:04 - 2017-02-16 15:04 - 000000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2017-08-01 10:29 - 2017-08-01 10:42 - 000000686 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-12-2017
Ran by Administrator (07-12-2017 13:01:47)
Running from C:\
Microsoft Windows XP Professional Service Pack 2 (X86) (2008-08-15 15:05:15)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
ADMIN (S-1-5-21-2867267751-978417955-3886269406-1009 - Administrator - Enabled)
Administrator (S-1-5-21-2867267751-978417955-3886269406-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2867267751-978417955-3886269406-1003 - Limited - Enabled)
Guest (S-1-5-21-2867267751-978417955-3886269406-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2867267751-978417955-3886269406-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2867267751-978417955-3886269406-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AIO_Scan (HKLM\...\{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}) (Version: 90.0.222.000 - Hewlett-Packard) Hidden
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1497.0 - AVAST Software)
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version:  - )
DJ_AIO_Software_min (HKLM\...\{B4F35A00-24FD-4fb3-BF5E-413D5423434D}) (Version: 90.0.222.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Evolis (HKLM\...\{6F83287B-2CD8-41F9-844D-69F8F438DFDE}) (Version:  - )
Evolis Service (HKLM\...\{1A5EACFF-956E-4CBD-9A87-027E49217678}) (Version:  - )
GetDataBack for FAT (HKLM\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.33.000 - Runtime Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{90BBACD9-526F-4AD5-8B92-80BB5F5E1A6D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}) (Version: 9.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (HKLM\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.14.1 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
InterVideo Register Manager (HKLM\...\{F18DB86D-BC16-4E01-BCCE-63F62B931D82}) (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1220 - InterVideo Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 52.4.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.4.0 ESR (x86 en-US)) (Version: 52.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.4.0.6473 - Mozilla)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Roxio Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Roxio)
Roxio MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.3 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SafeZone Stable 1.48.2066.101 (HKLM\...\SafeZone 1.48.2066.101) (Version:  - )
Scan (HKLM\...\{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}) (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Sonic Activation Module (HKLM\...\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}) (Version: 1.0 - Sonic Solutions) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5460 - Analog Devices)
SumatraPDF 3.0 (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Toolbox (HKLM\...\{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Hotfix - KB815304 (HKLM\...\KB815304) (Version: 20050114.083524 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885222 (HKLM\...\KB885222) (Version: 2 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB886199 (HKLM\...\KB886199) (Version: 20041006.113435 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB889673 (HKLM\...\KB889673) (Version: 20041116.085848 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2013-08-30] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2013-08-30] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-10-08] (Sonic Solutions)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2013-08-30] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-08-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2013-08-30] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [NetWareUNCMenu] -> {e3f2bac0-099f-11cf-8daa-00aa004a5691} => C:\WINDOWS\system32\nwprovau.dll [2006-10-13] (Microsoft Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1475454543.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\Administrator\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\doPDF 7\Visit the forum.lnk -> hxxp://www.dopdf.com/forum
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-07 11:03 - 2016-09-06 12:00 - 005197312 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 11:03 - 2016-09-06 12:00 - 000147456 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-02-28 10:00 - 2013-07-08 08:35 - 000567880 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1  localhost
 
There are 13755 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2867267751-978417955-3886269406-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\hp1_1024x768.BMP
DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [9314:TCP] => Enabled:ojsvx
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/07/2017 11:24:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avir.exe, version 1.1.67.18988, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [avir.exe!ws!]
 
Error: (12/07/2017 11:17:27 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (12/04/2017 09:33:36 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (12/04/2017 08:07:51 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (11/29/2017 10:05:42 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (11/28/2017 12:47:39 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 hplaserjetservice.exe, P2 1.1.0.0, P3 4a425ade, P4 hplaserjetservice, P5 1.1.0.0, P6 4a425ade, P7 f9, P8 51, P9 system.io.ioexception, P10 NIL.
 
Error: (11/28/2017 08:30:07 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (11/27/2017 02:46:23 PM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (11/27/2017 02:31:03 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (11/23/2017 09:38:59 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
 
System errors:
=============
Error: (12/07/2017 01:00:14 PM) (Source: DCOM) (EventID: 10005) (User: SEROLOGI-EVOLIS)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (12/07/2017 12:58:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm
 
Error: (12/07/2017 12:58:13 PM) (Source: DCOM) (EventID: 10005) (User: SEROLOGI-EVOLIS)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
 
Error: (12/07/2017 12:58:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/07/2017 12:58:07 PM) (Source: DCOM) (EventID: 10005) (User: SEROLOGI-EVOLIS)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
 
Error: (12/07/2017 12:57:17 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (12/07/2017 12:50:04 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (12/07/2017 12:49:03 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/07/2017 12:26:51 PM) (Source: DCOM) (EventID: 10005) (User: SEROLOGI-EVOLIS)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (12/07/2017 11:25:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Fips
intelppm
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 430 @ 1.80GHz
Percentage of memory in use: 40%
Total physical RAM: 994.23 MB
Available physical RAM: 593.74 MB
Total Virtual: 2390.63 MB
Available Virtual: 2084.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:64.66 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: F743F743)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,789 posts
  • Gender:Male
  • Location:California

Posted 08 December 2017 - 09:49 PM

Greetings Dreamchaser_jc and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Did you create this or does it look familiar?

C:\Documents and Settings\TEMP.NT AUTHORITY\Application Data\Infineon

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {169bfb52-4053-11e3-875c-002264b1b1c8} - F:\urDrive.exe
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {2e35cf2f-4c0c-11e3-875e-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {6a0ada95-f5f2-11e1-8713-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {a0b4de66-3e68-11e0-8712-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
S2 ekpzvt; C:\WINDOWS\system32\ackkwo.dll [X]
S2 mhfhwzz; C:\WINDOWS\system32\ackkwo.dll [X]
S4 uvmzv; C:\WINDOWS\system32\ydewf.dll [X]
S3 ouskcyyg; \??\C:\WINDOWS\system32\0F.tmp [X]
U1 WS2IFSL; no ImagePath
NETSVC: uvmzv -> C:\WINDOWS\system32\ydewf.dll ==> No File
NETSVC: mhfhwzz -> C:\WINDOWS\system32\ackkwo.dll ==> No File
NETSVC: ekpzvt -> C:\WINDOWS\system32\ackkwo.dll ==> No File
2017-11-22 09:48 - 2017-11-22 09:48 - 000000000 _____ () C:\Program Files\moz_update_in_progress.lock
StandardProfile\GloballyOpenPorts: [9314:TCP] => Enabled:ojsvx
2017-11-15 16:55 - 2017-11-16 10:22 - 000000000 ___SD C:\Documents and Settings\TEMP
ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm
zip: C:\WINDOWS\Minidump\Mini120417-01.dmp
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply.
  • Attempt to boot your computer normally
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Entry look familiar?
  • Fixlog
  • Attached zip file
  • Boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Dreamchaser_jc

  • Topic Starter
  • Members
  • 42 posts
  • Gender:Male
  • Location:is balmy

Posted 09 December 2017 - 08:00 PM

Hello Gary

Thank you for looking at the log. I'm sorry for the late reply. Here are the things you requested.

The folder TEMP.NT AUTHORITY and contents were not created by me. I've determined that no programs were installed by users of the PC.

Log:


Fix result of Farbar Recovery Scan Tool (x86) Version: 09-12-2017
Ran by Administrator (10-12-2017 08:41:46) Run:1
Running from C:\
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {169bfb52-4053-11e3-875c-002264b1b1c8} - F:\urDrive.exe
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {2e35cf2f-4c0c-11e3-875e-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {6a0ada95-f5f2-11e1-8713-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {a0b4de66-3e68-11e0-8712-002264b1b1c8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
S2 ekpzvt; C:\WINDOWS\system32\ackkwo.dll [X]
S2 mhfhwzz; C:\WINDOWS\system32\ackkwo.dll [X]
S4 uvmzv; C:\WINDOWS\system32\ydewf.dll [X]
S3 ouskcyyg; \??\C:\WINDOWS\system32\0F.tmp [X]
U1 WS2IFSL; no ImagePath
NETSVC: uvmzv -> C:\WINDOWS\system32\ydewf.dll ==> No File
NETSVC: mhfhwzz -> C:\WINDOWS\system32\ackkwo.dll ==> No File
NETSVC: ekpzvt -> C:\WINDOWS\system32\ackkwo.dll ==> No File
2017-11-22 09:48 - 2017-11-22 09:48 - 000000000 _____ () C:\Program Files\moz_update_in_progress.lock
StandardProfile\GloballyOpenPorts: [9314:TCP] => Enabled:ojsvx
2017-11-15 16:55 - 2017-11-16 10:22 - 000000000 ___SD C:\Documents and Settings\TEMP
ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm
zip: C:\WINDOWS\Minidump\Mini120417-01.dmp
 
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-2867267751-978417955-3886269406-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{169bfb52-4053-11e3-875c-002264b1b1c8}" => removed successfully.
HKLM\Software\Classes\CLSID\{169bfb52-4053-11e3-875c-002264b1b1c8} => key not found
"HKU\S-1-5-21-2867267751-978417955-3886269406-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e35cf2f-4c0c-11e3-875e-002264b1b1c8}" => removed successfully.
HKLM\Software\Classes\CLSID\{2e35cf2f-4c0c-11e3-875e-002264b1b1c8} => key not found
"HKU\S-1-5-21-2867267751-978417955-3886269406-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a0ada95-f5f2-11e1-8713-002264b1b1c8}" => removed successfully.
HKLM\Software\Classes\CLSID\{6a0ada95-f5f2-11e1-8713-002264b1b1c8} => key not found
"HKU\S-1-5-21-2867267751-978417955-3886269406-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0b4de66-3e68-11e0-8712-002264b1b1c8}" => removed successfully.
HKLM\Software\Classes\CLSID\{a0b4de66-3e68-11e0-8712-002264b1b1c8} => key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
"HKLM\System\CurrentControlSet\Services\ekpzvt" => removed successfully.
ekpzvt => service removed successfully.
"HKLM\System\CurrentControlSet\Services\mhfhwzz" => removed successfully.
mhfhwzz => service removed successfully.
"HKLM\System\CurrentControlSet\Services\uvmzv" => removed successfully.
uvmzv => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ouskcyyg" => removed successfully.
ouskcyyg => service removed successfully.
"HKLM\System\CurrentControlSet\Services\WS2IFSL" => removed successfully.
WS2IFSL => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs uvmzv => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mhfhwzz => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ekpzvt => value removed successfully.
C:\Program Files\moz_update_in_progress.lock => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9314:TCP => value removed successfully.
C:\Documents and Settings\TEMP => moved successfully
================== ExportKey: ===================
 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
""="Service"
 
=== End of ExportKey ===
================== Zip: ===================
C:\WINDOWS\Minidump\Mini120417-01.dmp -> copied successfully to C:\Documents and Settings\Administrator\Desktop\10.12.2017_08.42.02.zip
=========== Zip: End ===========
 
 
The system needed a reboot.
 
==== End of Fixlog 08:42:03 ====
 
Boot to desktop was successful.
 
Required file attached.
Attached File: 10.12.2017_08.42.02.zip (26.56KB)
 
The affected computer is not connected to the Internet but I'd have to at least get it connected to the local network for printing and interfacing with some equipment soon.
 
Thanks again! 7:14!

Edited by Dreamchaser_jc, 09 December 2017 - 08:01 PM.


#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,789 posts
  • Gender:Male
  • Location:California

Posted 09 December 2017 - 08:30 PM

Greetings. 

Thanks again! 7:14!

Brought a smile to my face. :thumbsup2:

Looks like we have made some progress.

See if you have Internet access.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
C:\Documents and Settings\TEMP.NT AUTHORITY
C:\Documents and Settings\TEMP
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Please run a fresh FRST scan and copy/paste the 2 reports in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Internet
  • Fixlog
  • FRST reports

Gary
 

#5 Dreamchaser_jc

  • Topic Starter
  • Members
  • 42 posts
  • Gender:Male
  • Location:is balmy

Posted 09 December 2017 - 10:04 PM

Hey Gary,

I might have caused some confusion here. The reason I disconnected from the LAN and Internet is because I don't have an antivirus installed (determined that if I have the AV installed I couldn't log into the desktop properly). I will reinstall the AV in a bit and post back.

You could go ahead and let me know if the latest FRST scan was ok.

Here are the logs:

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-12-2017
Ran by Administrator (10-12-2017 10:38:39) Run:2
Running from C:\
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
C:\Documents and Settings\TEMP.NT AUTHORITY
C:\Documents and Settings\TEMP
emptytemp:
 
*****************
 
C:\Documents and Settings\TEMP.NT AUTHORITY => moved successfully
"C:\Documents and Settings\TEMP" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 9574 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/dllcache/drivers => 870316 B
Edge => 0 B
Chrome => 34137764 B
Firefox => 385579355 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 32918 B
All Users => 0 B
systemprofile => 1798161 B
LocalService => 131612 B
NetworkService => 126672 B
Administrator => 63419896 B
 
RecycleBin => 114478494 B
EmptyTemp: => 572.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:41:31 ====
 
New FRST scan 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2017
Ran by Administrator (administrator) on SEROLOGI-EVOLIS (10-12-2017 10:50:36)
Running from C:\
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(CANON INC.) C:\WINDOWS\system32\CNAB4RPK.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [839680 2007-04-27] (Analog Devices, Inc.)
HKLM\...\Run: [SetRefresh] => C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-21] (Hewlett-Packard Company)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [127036 2006-10-08] (Sonic Solutions)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [408344 2007-06-07] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2867267751-978417955-3886269406-500\...\MountPoints2: {bc1a8dfa-fc3f-11e4-87bc-002264b1b1c8} - E:\ActivationTool.exe -p "Q-Capture Pro 7" -i "C:\ProgramData\QImaging, Inc.\Q-Capture Pro 7" -u "hxxp://www.qimaging.com/activate/qcapturepro.php" -e "techsupport@mediacy.com"
HKLM\...\Providers\NetWare or Compatible Network: C:\WINDOWS\system32\nwprovau.dll [142336 2006-10-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{CD2D6734-CB43-4E34-8FC4-FBB958C307A9}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKU\S-1-5-21-2867267751-978417955-3886269406-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKU\S-1-5-21-2867267751-978417955-3886269406-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2867267751-978417955-3886269406-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
URLSearchHook: HKU\S-1-5-21-2867267751-978417955-3886269406-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {12AE554B-98BB-423A-B867-DE329819F10B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
SearchScopes: HKLM -> {12AE554B-98BB-423A-B867-DE329819F10B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
SearchScopes: HKU\S-1-5-21-2867267751-978417955-3886269406-500 -> DefaultScope {12AE554B-98BB-423A-B867-DE329819F10B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
SearchScopes: HKU\S-1-5-21-2867267751-978417955-3886269406-500 -> {12AE554B-98BB-423A-B867-DE329819F10B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-10-08] (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-28] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-28] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u2ycglyp.default [2017-12-10]
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u2ycglyp.default -> hxxp://sppa-selatan.moh.gov.my/
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u2ycglyp.default -> type", 0
FF Extension: (Greasemonkey) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u2ycglyp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-04] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-01] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Guest Profile [2017-12-10]
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1 [2017-12-10]
CHR Extension: (Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-12]
CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-12]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-12]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [183064 2007-06-07] (Intel Corporation)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-28] (Oracle Corporation)
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [109336 2007-06-07] (Intel)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [174032 2017-10-01] (Mozilla Foundation) [File not signed]
S3 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2006-10-13] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2521880 2007-06-07] (Intel)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-09] (Adaptec, Inc.) [File not signed]
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [86016 2017-07-27] (AVAST Software)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [26044 2006-10-08] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2006-03-17] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-10-08] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [87004 2006-10-08] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [15068 2006-10-08] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-10-08] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2006-03-17] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94460 2006-10-08] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [88476 2006-10-08] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89456 2006-08-18] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2006-03-17] (Sonic Solutions) [File not signed]
S3 ggsomc; C:\WINDOWS\System32\DRIVERS\ggsomc.sys [26328 2014-08-22] (Sony Mobile Communications)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-09] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-09] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-09] (HP)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel® Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2004-08-04] (Intel® Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2004-08-04] (Intel® Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2004-08-04] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel® Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2004-08-04] (Intel® Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2004-08-04] (Intel® Corporation)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-18] (Infineon Technologies AG)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88448 2006-02-28] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-02-28] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-02-28] (Microsoft Corporation)
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2006-10-13] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42496 2006-02-28] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-10 08:41 - 2017-12-10 10:41 - 000001241 _____ C:\Fixlog.txt
2017-12-07 13:01 - 2017-12-10 10:50 - 000000366 _____ C:\Addition.txt
2017-12-07 13:00 - 2017-12-10 10:50 - 000016544 _____ C:\FRST.txt
2017-12-07 13:00 - 2017-12-10 10:46 - 000000000 ____D C:\FRST
2017-12-07 13:00 - 2017-12-10 08:39 - 001751040 _____ (Farbar) C:\FRST.exe
2017-12-07 12:26 - 2017-12-07 12:26 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-07 12:26 - 2013-08-30 15:47 - 000229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-06 12:34 - 2017-12-06 12:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\avastSWCUTemp
2017-12-06 11:35 - 2017-12-06 11:35 - 000000000 __SHD C:\WINDOWS\CSC
2017-12-04 08:07 - 2017-12-04 08:07 - 000106496 _____ C:\WINDOWS\Minidump\Mini120417-01.dmp
2017-11-29 11:40 - 2017-11-29 11:40 - 000001689 _____ C:\Documents and Settings\Administrator\Start Menu\Avast Free Antivirus.lnk
2017-11-28 08:30 - 2017-11-28 08:30 - 000144102 _____ C:\Documents and Settings\Administrator\Desktop\verifikasi stor 2017 SERO(ROHAYA) new.zip
2017-11-16 11:23 - 2017-12-06 12:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-12 08:07 - 2017-11-12 08:07 - 000070127 _____ C:\Documents and Settings\Administrator\Desktop\BORANG_KEW_PS-10.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-10 10:50 - 2008-08-14 04:52 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2017-12-10 10:44 - 2016-10-03 08:29 - 000000480 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1475454543.job
2017-12-10 10:44 - 2014-03-14 14:36 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-12-10 10:43 - 2006-04-26 02:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-10 10:42 - 2006-04-26 02:05 - 000032614 _____ C:\WINDOWS\SchedLgU.Txt
2017-12-10 10:42 - 2006-04-26 02:05 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-12-10 10:41 - 2008-08-14 04:52 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-12-10 10:38 - 2008-08-14 04:52 - 000000000 ____D C:\Documents and Settings
2017-12-10 10:22 - 2014-03-14 14:36 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-10 08:41 - 2013-07-25 08:28 - 000754196 ____C C:\WINDOWS\ntbtlog.txt
2017-12-10 08:35 - 2006-04-26 01:59 - 000001158 _____ C:\WINDOWS\system32\wpa.dbl
2017-12-07 15:06 - 2017-01-31 08:29 - 000000000 ____D C:\Documents and Settings\Administrator\Desktop\WAN
2017-12-07 13:07 - 2013-07-24 17:10 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-12-07 12:26 - 2006-04-26 01:32 - 000002577 _____ C:\WINDOWS\system32\CONFIG.NT
2017-12-07 10:55 - 2008-08-14 04:52 - 000000000 ____D C:\Documents and Settings\Administrator
2017-12-07 10:54 - 2006-04-26 01:32 - 000000498 _____ C:\WINDOWS\win.ini
2017-12-07 10:54 - 2006-04-26 01:24 - 000000211 __RSH C:\boot.ini
2017-12-07 10:54 - 2006-04-25 18:19 - 000000246 _____ C:\WINDOWS\system.ini
2017-12-07 08:57 - 2017-02-19 11:34 - 000589824 _____ C:\Documents and Settings\Administrator\Desktop\verifikasi stor 2017 SERO(ROHAYA) new.xls
2017-12-07 08:52 - 2015-11-18 18:52 - 000000000 ____D C:\Documents and Settings\Administrator\Desktop\ROHAYAH
2017-12-07 08:48 - 2017-08-08 15:34 - 000201216 _____ C:\Documents and Settings\Administrator\Desktop\STOK SEMASA SERO.xls
2017-12-06 11:40 - 2016-10-23 15:57 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-06 11:24 - 2008-08-20 23:04 - 000000000 __HDC C:\WINDOWS\$NtUninstallKB920670$
2017-12-05 16:44 - 2016-08-21 08:54 - 000000000 ____D C:\Documents and Settings\Administrator\Desktop\REKOD LATIHAN STAFF
2017-12-04 08:12 - 2006-04-26 01:43 - 000465894 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-04 08:08 - 2016-06-18 13:14 - 000000000 ____D C:\Program Files\TeamViewer
2017-12-04 08:07 - 2015-07-09 19:55 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-21 12:04 - 2016-05-03 16:12 - 000000000 ____D C:\BFMP 2016
2017-11-16 10:22 - 2008-08-14 04:52 - 000000000 ____D C:\WINDOWS\Registration
2017-11-16 10:19 - 2006-04-26 01:41 - 000002213 ____C C:\WINDOWS\OEWABLog.txt
2017-11-15 10:32 - 2014-11-26 15:17 - 000091507 _____ C:\Documents and Settings\Administrator\Desktop\kew.psi hsni 2017.xlsx
2017-11-14 10:05 - 2013-04-26 10:16 - 000002449 _____ C:\Documents and Settings\All Users\Start Menu\New Microsoft Office Document.lnk
 
==================== Files in the root of some directories =======
 
2017-02-16 15:04 - 2017-02-16 15:04 - 000000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2017-08-01 10:29 - 2017-08-01 10:42 - 000000686 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2017
Ran by Administrator (10-12-2017 10:51:11)
Running from C:\
Microsoft Windows XP Professional Service Pack 2 (X86) (2008-08-15 15:05:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
ADMIN (S-1-5-21-2867267751-978417955-3886269406-1009 - Administrator - Enabled)
Administrator (S-1-5-21-2867267751-978417955-3886269406-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2867267751-978417955-3886269406-1003 - Limited - Enabled)
Guest (S-1-5-21-2867267751-978417955-3886269406-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2867267751-978417955-3886269406-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2867267751-978417955-3886269406-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AIO_Scan (HKLM\...\{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}) (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version:  - )
DJ_AIO_Software_min (HKLM\...\{B4F35A00-24FD-4fb3-BF5E-413D5423434D}) (Version: 90.0.222.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Evolis (HKLM\...\{6F83287B-2CD8-41F9-844D-69F8F438DFDE}) (Version:  - )
Evolis Service (HKLM\...\{1A5EACFF-956E-4CBD-9A87-027E49217678}) (Version:  - )
GetDataBack for FAT (HKLM\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.33.000 - Runtime Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{90BBACD9-526F-4AD5-8B92-80BB5F5E1A6D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}) (Version: 9.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (HKLM\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.14.1 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
InterVideo Register Manager (HKLM\...\{F18DB86D-BC16-4E01-BCCE-63F62B931D82}) (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1220 - InterVideo Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 52.4.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.4.0 ESR (x86 en-US)) (Version: 52.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.4.0.6473 - Mozilla)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Roxio Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Roxio)
Roxio MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.3 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SafeZone Stable 1.48.2066.101 (HKLM\...\SafeZone 1.48.2066.101) (Version:  - )
Scan (HKLM\...\{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}) (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Sonic Activation Module (HKLM\...\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}) (Version: 1.0 - Sonic Solutions) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5460 - Analog Devices)
SumatraPDF 3.0 (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Toolbox (HKLM\...\{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Hotfix - KB815304 (HKLM\...\KB815304) (Version: 20050114.083524 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885222 (HKLM\...\KB885222) (Version: 2 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB886199 (HKLM\...\KB886199) (Version: 20041006.113435 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB889673 (HKLM\...\KB889673) (Version: 20041116.085848 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-10-08] (Sonic Solutions)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-08-24] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [NetWareUNCMenu] -> {e3f2bac0-099f-11cf-8daa-00aa004a5691} => C:\WINDOWS\system32\nwprovau.dll [2006-10-13] (Microsoft Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1475454543.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\Administrator\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\doPDF 7\Visit the forum.lnk -> hxxp://www.dopdf.com/forum
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-09-05 01:51 - 2010-03-04 16:55 - 000147456 _____ () C:\WINDOWS\system32\HP1100LM.DLL
2012-09-05 01:51 - 2010-03-04 16:55 - 000069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2012-09-05 01:50 - 2010-03-06 15:40 - 000081920 ____R () C:\WINDOWS\system32\mvusbews.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 000063032 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPTools.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 000075320 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPToolkit.dll
2009-08-04 17:22 - 2009-08-04 17:22 - 000136248 _____ () C:\Program Files\HP\HP UT LEDM\bin\DMBaseObjects.dll
2009-08-04 17:22 - 2009-08-04 17:22 - 000678968 _____ () C:\Program Files\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-02-28 10:00 - 2013-07-08 08:35 - 000567880 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  cms.ad2click.nl
127.0.0.1  ad2games.com
127.0.0.1  ads.ad2games.com
127.0.0.1  content.ad20.net
127.0.0.1  core.ad20.net
127.0.0.1  banner.ad.nu
127.0.0.1  cl21.v4.adaction.se
127.0.0.1  adadvisor.net
127.0.0.1  tag1.adaptiveads.com
127.0.0.1  www.adbanner.ro
 
There are 13755 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2867267751-978417955-3886269406-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\hp1_1024x768.BMP
DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Restore Points =========================
 
07-12-2017 13:33:26 System Checkpoint
30-09-3482 06:29:14 System Checkpoint
10-12-2017 09:30:30 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Management Engine Interface
Description: Intel® Management Engine Interface
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: HECI
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2017 10:47:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 9.12.2017.0, faulting module frst.exe, version 9.12.2017.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]
 
Error: (12/10/2017 10:43:25 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (12/10/2017 10:43:18 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service cannot connect to HECI driver
 
Error: (12/10/2017 08:43:07 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (12/10/2017 08:42:56 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service cannot connect to HECI driver
 
Error: (03/28/1970 06:46:16 PM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (03/28/1970 06:46:16 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service cannot connect to HECI driver
 
Error: (12/07/2017 01:08:03 PM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
Error: (12/07/2017 11:24:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avir.exe, version 1.1.67.18988, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [avir.exe!ws!]
 
Error: (12/07/2017 11:17:27 AM) (Source: Intel® AMT) (EventID: 2002) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.
 
 
System errors:
=============
Error: (12/10/2017 10:43:30 AM) (Source: 0) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (12/10/2017 10:43:17 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (12/10/2017 08:57:41 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NwlnkNb.
The backup browser is stopping.
 
Error: (12/10/2017 08:43:18 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (12/10/2017 08:43:15 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (12/10/2017 08:43:09 AM) (Source: 0) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (12/10/2017 08:43:03 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (12/10/2017 08:42:55 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (12/10/2017 08:42:17 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/10/2017 08:41:35 AM) (Source: DCOM) (EventID: 10005) (User: SEROLOGI-EVOLIS)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 430 @ 1.80GHz
Percentage of memory in use: 30%
Total physical RAM: 1010.23 MB
Available physical RAM: 697.22 MB
Total Virtual: 2401.38 MB
Available Virtual: 2168.32 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:64.36 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:14.4 GB) (Free:11.56 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: F743F743)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 002992C2)
No partition Table on disk 1.
 
==================== End of Addition.txt ============================

 



#6 Oh My! (Malware Response Instructor)

Posted 09 December 2017 - 10:20 PM

Logs look good. Let me know how you do with the antivirus installation.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Dreamchaser_jc (Topic Starter)

Posted 09 December 2017 - 10:25 PM

Update: Version 8 of Avast (updated definition 171209) has been installed and Windows boots normally!



#8 Oh My! (Malware Response Instructor)

Posted 09 December 2017 - 11:15 PM

Are you currently having any issues?
Gary
 

#9 Dreamchaser_jc (Topic Starter)

Posted 09 December 2017 - 11:47 PM

Are you currently having any issues?

 

So far so good. It's now back to daily use. But before you give the all-clear, Gary, I have some questions:

 

  1. What really happened? Was it malware?
  2. The random strings following Chrome extension are normal right?


#10 Oh My! (Malware Response Instructor)

Posted 10 December 2017 - 10:14 AM

Greetings.

We have a little bit more to do but I wanted to get a status report first.
 

What really happened? Was it malware?

There is clear evidence of malware that was once on the computer but appeared to have already been removed. The following is an example:

S2 ekpzvt; C:\WINDOWS\system32\ackkwo.dll [X]

What this example shows is there were randomly named services (malicious) that were scheduled to be launched at computer startup. The information to the left, i.e. S2 ekpzvt, reflects a registry entry that tells the system to launch the corresponding file at the location specified. In this case the file would be found at C:\WINDOWS\system32\ackkwo.dll. In the above entry the [X] after the file location indicates the file is no longer there. In the previous work to remove malware only part of it was removed. The file was the actual malware but the registry entry, which is the triggering mechanism, needs to be removed as well.

This is a simplistic explanation and does not mean these particular entries were the source of the problem. There could be other entries in the fixlist that came into play. Sometimes partial cleaning of malware results in system corruption. In answer to your question, yes you had malware but I can't say whether or not at the time you posted you had active malware on your system. It could be that or we simply reversed a corruption(s).

-----
 

The random strings following Chrome extension are normal right?

They look random, and in a sense they are, but they are legitimate. If you Google the string you will get confirmation they are associated with the extension names. We do check those as part of our analysis.

-----

I would like you to consider updating your computer to XP Service Pack 3 but before doing that I would like to run these.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Questions answered?
  • ESET log
  • Security Analysis log

Gary
 
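The two explanations above (the orphaned "S2 ekpzvt; ... [X]" service entry, and the random-looking Chrome extension IDs) can both be checked mechanically. The following is an added example written for this page; it is not code from the thread, from FRST or from Chrome. The sample service lines are constructed here in FRST's format (only the ekpzvt line is the one quoted in the post), the "random name" heuristic is an assumption of this example rather than anything FRST does, and the extension-ID derivation follows Chrome's published scheme (SHA-256 of the extension's DER-encoded public key, first 32 hex digits, each hex digit remapped to the letters a-p), with a constructed byte string standing in for a real key.

```python
"""Triage helpers for FRST-style service lines and Chrome extension IDs.

Added example for this thread; not code from FRST, Chrome or the posters.
"""
import hashlib
import re
from dataclasses import dataclass, field

# FRST service line, e.g.
#   S2 ekpzvt; C:\WINDOWS\system32\ackkwo.dll [X]
#   R2 Foo; C:\path\foo.exe [12345 2016-03-10] (Vendor)
# R = running, S = stopped; the digit is the start type (2 = automatic,
# 3 = manual). "[X]" in the bracket means FRST could not find the file:
# the registry entry survived a partial clean-up but its binary is gone.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]"
    r"(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)

VOWELS = set("aeiouy")


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Heuristic (an assumption of this example) for generated service names
    such as 'ekpzvt': short, all lower-case letters, almost no vowels."""
    if not (5 <= len(name) <= 8 and name.isalpha() and name.islower()):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio <= 0.2


def triage_services(text: str) -> list:
    """Return a Finding for every service line that deserves a second look."""
    findings = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m["meta"] == "X":
            reasons.append("binary missing ([X]): orphaned registry entry")
        if looks_random(m["name"]):
            reasons.append("randomly generated service name")
        if reasons:
            findings.append(Finding(m["name"], m["path"], reasons))
    return findings


# Chrome extension IDs: 32 characters drawn from a-p. They are the first
# 128 bits of SHA-256(DER public key), written in hex and remapped 0-9a-f -> a-p.
HEX_TO_ID = str.maketrans("0123456789abcdef", "abcdefghijklmnop")
EXTENSION_ID_RE = re.compile(r"[a-p]{32}")


def hex_to_extension_id(hex32: str) -> str:
    """Map the first 32 hex digits of a SHA-256 digest to Chrome's alphabet."""
    return hex32[:32].lower().translate(HEX_TO_ID)


def chrome_extension_id(der_public_key: bytes) -> str:
    """Derive the extension ID Chrome would assign to this public key."""
    return hex_to_extension_id(hashlib.sha256(der_public_key).hexdigest())


def is_extension_id(s: str) -> bool:
    """True if s has the shape of a Chrome extension ID."""
    return EXTENSION_ID_RE.fullmatch(s) is not None


# Constructed sample. Only the "S2 ekpzvt" line is quoted from the thread;
# the others are made up here in FRST's format to exercise the parser.
SAMPLE_SERVICES = r"""
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-05-05] (AVAST Software)
S2 ekpzvt; C:\WINDOWS\system32\ackkwo.dll [X]
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2016-03-10] (Malwarebytes)
S3 qwrtplk; C:\WINDOWS\system32\drivers\xzvbnm.sys [X]
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942000 2017-11-01] (TeamViewer GmbH)
"""

if __name__ == "__main__":
    for f in triage_services(SAMPLE_SERVICES):
        print(f"{f.name:12} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
    # Constructed stand-in for a DER-encoded public key, not a real one.
    fake_key = b"constructed DER public key bytes"
    print("derived id:", chrome_extension_id(fake_key))
```

Run against the constructed sample, only the two entries whose file is marked [X] are reported, each also tripping the random-name heuristic; the legitimate avast, Malwarebytes and TeamViewer services pass. The extension-ID helpers confirm the point made in the post: a 32-letter string made only of a-p is the normal shape of an extension ID, and any given key always maps to the same ID, so the "random strings" can be cross-checked rather than guessed at.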

#11 Dreamchaser_jc (Topic Starter)

Posted 10 December 2017 - 11:59 PM

Thanks for the answers. Completed both scans and here's the log for RGSA. ESET finished without finding any threats and no logs.

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 4th December, 2017
Running from:C:\Documents and Settings\Administrator\My Documents\Downloads (12:57:49 - 12/11/2017)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 2 ==> Service Pack is out of Date
WARNING! Windows XP is no longer supported
Internet Explorer 6.0.2900.2180 ==> is out of Date
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
avast! Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (16.0.0.235) ==> is out of Date
Google Chrome (49.0.2623.112) ==> is out of Date
Java (7.0.670) ==> is out of Date
Malwarebytes (2.2.1.1043) ==> is out of Date
Mozilla Firefox (52.4.0) ==> is out of Date
 
***----------------Analysis Complete-------------------------***

 

 

Edit: Yes, will update to SP3 if the download location at MG (http://www.majorgeeks.com/files/details/microsoft_windows_xp_service_pack_3.html) is ok. The page on Microsoft is no longer accessible.


Edited by Dreamchaser_jc, 11 December 2017 - 12:09 AM.


#12 Oh My! (Malware Response Instructor)

Posted 11 December 2017 - 09:46 AM

Greetings,

Yes, that is a trustworthy source. You should also update the following programs:
 

Adobe Flash Player NPAPI (16.0.0.235) ==> is out of Date
Google Chrome (49.0.2623.112) ==> is out of Date
Java (7.0.670) ==> is out of Date
Malwarebytes (2.2.1.1043) ==> is out of Date
Mozilla Firefox (52.4.0) ==> is out of Date

 

Let me know how it goes.


Gary
 

#13 Dreamchaser_jc (Topic Starter)

Posted 12 December 2017 - 01:17 AM

Hello Gary,

 

Updates went well. Will download SP3 over the weekend. After that will continue with MBAM, Chrome and Firefox (this version is shown in Help > About as up to date for SP2, I presume).

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 4th December, 2017
Running from:C:\Documents and Settings\Administrator\My Documents\Downloads (14:16:24 - 12/12/2017)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 2 ==> Service Pack is out of Date
WARNING! Windows XP is no longer supported
Internet Explorer 6.0.2900.2180 ==> is out of Date
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
avast! Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (27.0.0.187)
Google Chrome (49.0.2623.112) ==> is out of Date
Java (8.0.1510.12)
Mozilla Firefox (52.5.2) ==> is out of Date
 
***----------------Analysis Complete-------------------------***
 
Please let me know if everything is in order. Thank you for your assistance.

Edited by Dreamchaser_jc, 12 December 2017 - 03:39 AM.


#14 Oh My! (Malware Response Instructor)

Posted 12 December 2017 - 09:35 AM

You might need an older version of programs that are compatible with XP. As a result programs like Rocket Grannie might continue to show out of date programs. The main concern is updating XP to Service Pack 3, although even with that the operating system is vulnerable because it is no longer supported.

If you are comfortable completing the rest we can close the topic and you can send me a Personal Message if something comes up. Let me know your thoughts on this before I provide some closing information.
Gary
 

#15 Dreamchaser_jc (Topic Starter)

Posted 12 December 2017 - 09:37 PM

The end of support was unfortunate but I don't foresee any upgrades to the system in the near future. I understand the associated risks running an outdated OS and will do most of my work on a personal laptop. The PC is used locally to communicate with machines via programs that run on XP.

 

I believe we've covered much. Will wait for your final words and subsequent closure of the topic.

 

Thanks again!


Edited by Dreamchaser_jc, 12 December 2017 - 09:37 PM.




