
Did it to myself again. svchost.exe problem.


27 replies to this topic

#1 atomicsocks

Posted 11 January 2018 - 10:29 AM

I was mistaken as to what site gave me the virus last time and managed to re-infect myself with the same problem as last time as shown in this thread here. Sorry for being such a doofus.
https://www.bleepingcomputer.com/forums/t/663837/possible-svchost-virus/#entry4394566


Computer running incredibly slow. Task manager says CPU running at 100%.
A particular svchost process is using up all the processing power.
Killing it in task manager brings everything back up to normal speed but kills my internet after a few minutes.


Here are the results of the latest FRST scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.01.2018
Ran by Erik (administrator) on ERIKS (11-01-2018 08:46:07)
Running from C:\Documents and Settings\Erik\Desktop
Loaded Profiles: Erik (Available Profiles: Erik & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Trimble Navigation Limited) C:\Program Files\Google\Google SketchUp 8\SketchUp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-09-06] (RealNetworks, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-12-08] (Google Inc.)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814600 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{9953C2F4-F93F-4222-830B-0494863E96BF}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-299502267-1336601894-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll [2014-01-10] (MGTEK)
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-01] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-01] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-19] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: vkc6tiud.default-1380748488578
FF ProfilePath: C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578 [2018-01-11]
FF Extension: (Disconnect) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\2.0@disconnect.me.xpi [2017-11-19]
FF Extension: (uBlock Origin) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15]
FF Extension: (NoScript) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-12-11] [Legacy]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF Extension: (Greasemonkey) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-12-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-28] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-06] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-09-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-09-06] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Erik\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Erik\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Erik\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Erik\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Docs) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (YouTube) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Google Search) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-11]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-15]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-06]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1226096 2012-05-03] (Lavasoft Limited)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-01-09] (Adobe Systems Incorporated) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [549144 2014-05-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 ax88772; C:\WINDOWS\System32\DRIVERS\ax88772.sys [17216 2004-08-06] (ASIX Electronics Corp.) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2010-12-06] (Realtek) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-12-04] ()
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hidkmdf; C:\WINDOWS\System32\DRIVERS\hidkmdf.sys [12088 2014-03-17] (Windows ® Win 7 DDK provider)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2017-11-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2018-01-11] (Malwarebytes)
S3 MpFilter; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [21240 2011-11-29] (GFI Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [77816 2011-11-29] (GFI Software)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [335224 2011-12-19] (GFI Software)
S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [94584 2011-09-29] (GFI Software)
R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [94584 2011-09-29] (GFI Software)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [93816 2011-12-19] (GFI Software)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [217976 2011-12-19] (GFI Software)
S3 WacHidRouter; C:\WINDOWS\System32\DRIVERS\wachidrouter.sys [80696 2014-03-17] (Wacom Technology)
S3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13112 2014-03-17] (Wacom Technology)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-11 08:46 - 2018-01-11 08:56 - 000020986 _____ C:\Documents and Settings\Erik\Desktop\FRST.txt
2018-01-11 08:26 - 2018-01-11 08:53 - 000794534 _____ C:\Documents and Settings\Erik\My Documents\AutoSave_delplane2.skp
2018-01-10 14:32 - 2018-01-11 07:25 - 000000640 _____ C:\Documents and Settings\Erik\Desktop\Fixlog.txt
2018-01-10 13:51 - 2018-01-11 08:46 - 000000000 ____D C:\FRST
2018-01-10 03:00 - 2018-01-10 03:03 - 001753600 _____ (Farbar) C:\Documents and Settings\Erik\Desktop\FRST.exe
2018-01-06 18:48 - 2018-01-08 11:48 - 000452316 _____ C:\Documents and Settings\Erik\My Documents\delplane2.skb
2018-01-06 13:29 - 2018-01-10 01:41 - 000801778 _____ C:\Documents and Settings\Erik\My Documents\delplane2.skp
2017-12-29 02:40 - 2018-01-04 22:15 - 004094944 _____ C:\Documents and Settings\Erik\My Documents\stuff.skb
2017-12-28 21:15 - 2017-12-28 21:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-28 01:53 - 2017-12-31 00:04 - 000255353 _____ C:\Documents and Settings\Erik\My Documents\valveplate.skb
2017-12-28 01:51 - 2017-12-31 14:20 - 000255369 _____ C:\Documents and Settings\Erik\My Documents\valveplate.skp
2017-12-27 19:48 - 2018-01-05 01:25 - 004450053 _____ C:\Documents and Settings\Erik\My Documents\stuff.skp
2017-12-22 20:01 - 2017-12-24 17:13 - 001408502 _____ C:\Documents and Settings\Erik\My Documents\turb22.skb
2017-12-22 18:55 - 2017-12-28 23:14 - 001403371 _____ C:\Documents and Settings\Erik\My Documents\turb22.skp
2017-12-12 19:57 - 2018-01-11 08:13 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-12-12 19:56 - 2018-01-09 21:17 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-12-12 19:56 - 2018-01-09 21:17 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-11 08:57 - 2011-12-28 10:21 - 000000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{9F352F51-B56A-46CB-95D5-334D93DDD995}.job
2018-01-11 08:56 - 2012-04-11 05:55 - 000000000 ____D C:\Documents and Settings\Erik\Local Settings\temp
2018-01-11 08:54 - 2013-04-18 19:41 - 000000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003UA.job
2018-01-11 08:53 - 2011-12-28 09:09 - 000000000 ____D C:\Documents and Settings\Erik
2018-01-11 08:39 - 2012-05-13 16:20 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-01-11 07:27 - 2011-12-27 12:54 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2018-01-11 07:02 - 2011-12-28 08:57 - 000032484 _____ C:\WINDOWS\SchedLgU.Txt
2018-01-11 06:59 - 2017-11-28 04:02 - 000000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2018-01-11 06:59 - 2017-11-22 03:25 - 000000326 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-01-11 06:59 - 2017-11-19 04:13 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-01-11 06:59 - 2012-12-24 17:40 - 000000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2018-01-11 06:59 - 2004-08-04 07:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-01-11 06:58 - 2014-09-14 15:05 - 000000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-01-11 06:57 - 2015-04-20 10:03 - 000000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2018-01-11 06:57 - 2013-10-16 15:12 - 000000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2018-01-11 06:57 - 2012-05-23 23:49 - 000001615 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2018-01-11 06:57 - 2012-05-13 16:20 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-01-11 06:57 - 2012-03-21 23:20 - 000000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2018-01-11 06:57 - 2011-12-28 08:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-11 06:56 - 2011-12-28 09:09 - 000000178 ___SH C:\Documents and Settings\Erik\ntuser.ini
2018-01-11 05:54 - 2012-04-11 05:55 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2018-01-11 05:00 - 2012-03-21 23:20 - 000000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2018-01-11 04:35 - 2012-05-23 23:41 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2018-01-11 04:32 - 2013-04-24 19:40 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-01-11 00:30 - 2012-02-09 00:30 - 000000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2018-01-10 11:55 - 2013-04-18 19:41 - 000000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003Core.job
2018-01-10 00:41 - 2014-09-14 15:05 - 000000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-01-09 22:22 - 2013-01-07 01:02 - 000000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2018-01-09 21:17 - 2011-12-27 18:05 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-08 17:26 - 2015-04-20 10:03 - 000000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2018-01-08 10:24 - 2013-01-07 01:02 - 000000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2018-01-07 04:00 - 2012-05-24 16:32 - 000000942 _____ C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2018-01-05 23:20 - 2012-03-22 22:01 - 000007680 ___SH C:\WINDOWS\Thumbs.db
2018-01-04 16:57 - 2012-11-28 16:43 - 000000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2018-01-03 23:40 - 2012-12-30 19:00 - 000000000 ____D C:\Documents and Settings\Erik\My Documents\My PSP8 Files
2018-01-01 08:38 - 2014-09-14 15:05 - 000000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-12-19 23:34 - 2017-12-02 21:26 - 003418970 _____ C:\Documents and Settings\Erik\My Documents\crow.skp
2017-12-19 23:13 - 2017-12-02 21:36 - 003379648 _____ C:\Documents and Settings\Erik\My Documents\crow.skb
2017-12-12 20:14 - 2011-12-28 15:13 - 000000000 ____D C:\Documents and Settings\Erik\Local Settings\Application Data\Adobe

==================== Files in the root of some directories =======

2015-08-29 07:06 - 2015-08-29 07:06 - 006420480 _____ () C:\Program Files\GUT290F.tmp
2014-03-24 04:15 - 2011-06-22 16:29 - 020714876 _____ (Pixologic                                                    ) C:\Program Files\Sculptris Alpha 6.exe
2012-03-17 15:18 - 2012-03-17 15:18 - 000944264 _____ (Skype Technologies S.A.) C:\Program Files\SkypeSetup.exe
2012-05-23 23:49 - 2012-05-23 23:49 - 000000000 _____ () C:\Documents and Settings\Erik\Application Data\adaware-installer-reboot-required.tmp
2011-12-28 15:12 - 2017-04-13 20:38 - 000000486 _____ () C:\Documents and Settings\Erik\Application Data\wklnhst.dat
2012-03-22 22:01 - 2017-04-08 22:37 - 000018432 _____ () C:\Documents and Settings\Erik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-17 06:51 - 2015-04-17 06:51 - 000000000 _____ () C:\Documents and Settings\Erik\Local Settings\Application Data\{643F3733-FC68-4CEA-B7D4-28FE8B932648}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================




Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018
Ran by Erik (11-01-2018 09:04:09)
Running from C:\Documents and Settings\Erik\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-12-27 23:08:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-1336601894-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-1336601894-839522115-1004 - Limited - Enabled)
Erik (S-1-5-21-299502267-1336601894-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Erik
Guest (S-1-5-21-299502267-1336601894-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-1336601894-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-1336601894-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Lavasoft Ad-Aware (Enabled - Out of date) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware (Disabled) {FF1CD5B7-1553-4625-A258-1775385CED33}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.)
Ad-Aware Antivirus (HKLM\...\{fc8208f2-b1c1-4253-9e89-d518e983b7bb}) (Version: 10.1.211.3382 - Lavasoft Limited)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 2.1.0.20 - Lavasoft)
Adblock IE 3.0 (HKLM\...\{56D02496-CD68-4576-B1AE-D572E8EAFF3D}) (Version: 3.0.2496 - MGTEK)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AMDAway INF (HKLM\...\AMDAway INF) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belkin USB Wireless Adapter (HKLM\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Blast Thru (HKLM\...\Blast Thru) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3518.52 - CyberLink Corp.)
E.M. Total Video Player 1.31 (HKLM\...\E.M. Total Video Player 1.31_is1) (Version:  - EffectMatrix Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High-Definition Video Playback (HKLM\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.1.13500.43.0 - Nero AG) Hidden
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LEGO Digital Designer (HKLM\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.5.3 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.3 ESR (x86 en-US)) (Version: 52.5.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.3.6569 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11500.17.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.11100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11300.12.100 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PCGen6000 (HKLM\...\PCGen6000) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Screencast-O-Matic (HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Sculptris Alpha 6 (HKLM\...\{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic) Hidden
Sculptris Alpha 6 (HKLM\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SketchUp 8 (HKLM\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.7 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Three Drinks (HKLM\...\Three Drinks_is1) (Version:  - )
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
Unity Web Player (HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-6 - Wacom Technology Corp.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Ad-Aware Antivirus\AdAwareShellExtension.dll [2012-05-03] (Lavasoft Limited)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Ad-Aware Antivirus\AdAwareShellExtension.dll [2012-05-03] (Lavasoft Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2009-01-16] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2009-01-16] (NVIDIA Corporation)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003Core.job => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003UA.job => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{9F352F51-B56A-46CB-95D5-334D93DDD995}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Erik\Start Menu\Programs\PCGen\PCGen6000\PCGen6000-Low.lnk -> C:\Documents and Settings\Erik\My Documents\mtd\PCGen\PCGen6000\pcgen_low_mem.bat ()

==================== Loaded Modules (Whitelisted) ==============

2013-08-14 14:19 - 2013-08-14 14:19 - 000039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-12-28 14:15 - 2009-04-27 05:22 - 000271760 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2012-05-24 16:33 - 2014-12-19 05:01 - 000192376 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2012-05-24 16:33 - 2014-12-19 05:01 - 000180088 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2014-09-14 15:04 - 2014-05-13 11:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-14 15:04 - 2014-05-13 11:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-14 15:04 - 2014-05-13 11:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-11-19 04:09 - 2017-12-04 21:36 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2004-08-04 07:00 - 2013-01-02 01:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
2011-11-26 13:34 - 2011-11-26 13:34 - 001597440 _____ () C:\Program Files\Google\Google SketchUp 8\IGCore.dll
2011-11-26 13:34 - 2011-11-26 13:34 - 001724416 _____ () C:\Program Files\Google\Google SketchUp 8\IGSg.dll
2011-11-26 13:34 - 2011-11-26 13:34 - 000778240 _____ () C:\Program Files\Google\Google SketchUp 8\IGAttrs.dll
2011-11-26 13:34 - 2011-11-26 13:34 - 003362816 _____ () C:\Program Files\Google\Google SketchUp 8\IGGfx.dll
2011-11-26 13:34 - 2011-11-26 13:34 - 000380928 _____ () C:\Program Files\Google\Google SketchUp 8\IGUtils.dll
2011-11-26 13:34 - 2011-11-26 13:34 - 000819200 _____ () C:\Program Files\Google\Google SketchUp 8\IGMath.dll
2012-12-04 11:57 - 2012-12-04 11:57 - 000192512 _____ () C:\Program Files\Google\Google SketchUp 8\alchemyext.dll
2011-11-26 13:33 - 2011-11-26 13:33 - 000892998 _____ () C:\Program Files\Google\Google SketchUp 8\msvcrt-ruby18.dll
2018-01-09 21:17 - 2018-01-09 21:17 - 020143104 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42534003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\74105433.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42534003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\74105433.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2016-02-01 13:28 - 000449906 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 15464 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-1336601894-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe] => Enabled:CyberLink PowerDVD 9.0
StandardProfile\AuthorizedApplications: [C:\Program Files\adawaretb\dtUser.exe] => Enabled:Ad-Aware Security Toolbar DTX Broker
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Erik\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\launch4j-tmp\MegaMek.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management

==================== Restore Points =========================

07-12-2017 17:22:26 System Checkpoint
07-12-2017 17:22:27 System Checkpoint
07-12-2017 17:22:27 System Checkpoint
07-12-2017 17:22:27 System Checkpoint
07-12-2017 17:22:28 System Checkpoint
07-12-2017 17:22:28 Software Distribution Service 3.0
07-12-2017 17:22:28 System Checkpoint
07-12-2017 17:22:29 System Checkpoint
07-12-2017 17:22:29 System Checkpoint
07-12-2017 17:22:29 System Checkpoint
07-12-2017 17:22:30 System Checkpoint
07-12-2017 17:22:30 System Checkpoint
07-12-2017 17:22:30 System Checkpoint
07-12-2017 17:22:31 System Checkpoint
07-12-2017 17:22:31 System Checkpoint
07-12-2017 17:22:31 System Checkpoint
07-12-2017 17:22:32 System Checkpoint
07-12-2017 17:22:32 System Checkpoint
07-12-2017 17:22:32 System Checkpoint
07-12-2017 17:22:33 System Checkpoint
07-12-2017 17:22:33 System Checkpoint
07-12-2017 17:22:33 System Checkpoint
07-12-2017 17:22:34 System Checkpoint
07-12-2017 17:22:34 System Checkpoint
07-12-2017 17:22:34 System Checkpoint
07-12-2017 17:22:34 System Checkpoint
07-12-2017 17:22:35 System Checkpoint
07-12-2017 17:22:35 System Checkpoint
07-12-2017 17:22:35 System Checkpoint
07-12-2017 17:22:36 System Checkpoint
07-12-2017 17:22:36 System Checkpoint
07-12-2017 17:22:36 Software Distribution Service 3.0
07-12-2017 17:22:36 System Checkpoint
07-12-2017 17:22:37 System Checkpoint
07-12-2017 17:22:37 System Checkpoint
07-12-2017 17:22:37 System Checkpoint
07-12-2017 17:22:38 System Checkpoint
07-12-2017 17:22:38 System Checkpoint
07-12-2017 17:22:38 System Checkpoint
07-12-2017 17:22:38 System Checkpoint
07-12-2017 17:22:39 System Checkpoint
07-12-2017 17:22:39 System Checkpoint
07-12-2017 17:22:39 System Checkpoint
07-12-2017 17:22:40 System Checkpoint
07-12-2017 17:22:40 System Checkpoint
07-12-2017 17:22:40 System Checkpoint
07-12-2017 17:22:41 System Checkpoint
07-12-2017 17:22:42 System Checkpoint
07-12-2017 17:22:42 System Checkpoint
07-12-2017 17:22:43 System Checkpoint
07-12-2017 17:22:43 System Checkpoint
07-12-2017 17:22:43 System Checkpoint
07-12-2017 17:22:44 System Checkpoint
07-12-2017 17:22:44 System Checkpoint
07-12-2017 17:22:45 System Checkpoint
07-12-2017 17:22:46 System Checkpoint
07-12-2017 17:22:46 System Checkpoint
07-12-2017 17:22:46 System Checkpoint
07-12-2017 17:22:47 System Checkpoint
07-12-2017 17:22:47 System Checkpoint
07-12-2017 17:22:47 System Checkpoint
07-12-2017 17:22:47 System Checkpoint
07-12-2017 17:22:48 Restore Operation
07-12-2017 17:22:48 System Checkpoint
07-12-2017 17:22:49 System Checkpoint
07-12-2017 17:22:49 System Checkpoint
07-12-2017 17:22:49 System Checkpoint
07-12-2017 17:22:49 System Checkpoint
07-12-2017 17:22:50 System Checkpoint
07-12-2017 17:22:50 Software Distribution Service 3.0
07-12-2017 17:22:50 System Checkpoint
07-12-2017 17:22:50 System Checkpoint
07-12-2017 17:22:51 Restore Point Created by FRST
07-12-2017 17:22:51 System Checkpoint
07-12-2017 17:22:51 System Checkpoint
07-12-2017 17:22:51 System Checkpoint
07-12-2017 17:22:51 System Checkpoint
07-12-2017 17:22:55 End of disinfection
07-12-2017 19:00:17 Software Distribution Service 3.0
08-12-2017 23:47:22 System Checkpoint
09-12-2017 23:57:25 System Checkpoint
11-12-2017 02:07:28 System Checkpoint
12-12-2017 04:51:40 System Checkpoint
13-12-2017 05:30:52 System Checkpoint
14-12-2017 07:00:55 System Checkpoint
15-12-2017 10:11:54 System Checkpoint
16-12-2017 11:44:03 System Checkpoint
17-12-2017 18:27:15 System Checkpoint
18-12-2017 20:57:28 System Checkpoint
20-12-2017 01:10:50 System Checkpoint
21-12-2017 04:01:15 System Checkpoint
22-12-2017 04:14:48 System Checkpoint
23-12-2017 04:27:27 System Checkpoint
24-12-2017 05:45:01 System Checkpoint
25-12-2017 09:03:28 System Checkpoint
26-12-2017 12:42:06 System Checkpoint
27-12-2017 13:14:58 System Checkpoint
28-12-2017 14:59:55 System Checkpoint
29-12-2017 15:55:04 System Checkpoint
30-12-2017 17:07:53 System Checkpoint
31-12-2017 19:28:19 System Checkpoint
01-01-2018 21:32:40 System Checkpoint
03-01-2018 01:45:23 System Checkpoint
04-01-2018 06:29:06 System Checkpoint
05-01-2018 07:22:06 System Checkpoint
06-01-2018 08:31:52 System Checkpoint
07-01-2018 11:13:34 System Checkpoint
08-01-2018 13:19:09 System Checkpoint
09-01-2018 14:58:27 System Checkpoint
11-01-2018 05:20:19 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: NVIDIA nForce 10/100 Mbps Ethernet
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2017 01:23:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.5.3.6569, faulting module mozglue.dll, version 52.5.3.6569, fault address 0x0000f7cb.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/26/2017 08:56:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application tvp.exe, version 1.3.7.1208, faulting module tvpskin.dll, version 1.3.7.923, fault address 0x000075c7.
Processing media-specific event for [tvp.exe!ws!]

Error: (12/26/2017 08:56:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application tvp.exe, version 1.3.7.1208, faulting module tvpskin.dll, version 1.3.7.923, fault address 0x000075c7.
Processing media-specific event for [tvp.exe!ws!]

Error: (12/26/2017 08:56:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application tvp.exe, version 1.3.7.1208, faulting module tvpskin.dll, version 1.3.7.923, fault address 0x000075c7.
Processing media-specific event for [tvp.exe!ws!]

Error: (12/25/2017 03:22:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application paint shop pro.exe, version 8.0.0.0, faulting module jascbrowser.dll, version 8.0.0.0, fault address 0x0001d013.
Processing media-specific event for [paint shop pro.exe!ws!]

Error: (12/20/2017 05:41:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Paint Shop Pro.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/14/2017 01:42:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Paint Shop Pro.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/30/2017 04:29:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application realplay.exe, version 16.0.3.51, faulting module unknown, version 0.0.0.0, fault address 0x0787ceb0.
Processing media-specific event for [realplay.exe!ws!]

Error: (11/22/2017 02:55:42 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/22/2017 02:55:42 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (01/11/2018 07:24:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2018 06:58:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/11/2018 06:58:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (01/11/2018 06:58:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/11/2018 06:58:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/11/2018 05:21:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2018 05:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/11/2018 05:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/11/2018 05:21:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2018 05:21:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealNetworks Downloader Resolver Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: AMD Sempron™ Processor LE-1300
Percentage of memory in use: 76%
Total physical RAM: 1982.42 MB
Available physical RAM: 473.29 MB
Total Virtual: 3875.72 MB
Available Virtual: 2401.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:72.29 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,450 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:05 PM

Posted 11 January 2018 - 08:57 PM

Greetings Erik and welcome back.

You know the drill so I will spare you the intro. Let me take a look. I should be posting something soon.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!


Posted 11 January 2018 - 09:20 PM

Hi Erik.

Not seeing much in the logs other than the fact you are using up nearly all of your computer memory. That can cause performance issues.
 

A particular svchost process is using up all the processing power

After running the Fixlist below please identify the PID number of the svchost.exe entry using all the resources.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c}
cmd: tasklist /m /fi "IMAGENAME eq svchost.exe"
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • PID?
  • Fixlog

Gary
 

#4 atomicsocks

atomicsocks
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:04:05 PM

Posted 12 January 2018 - 03:23 AM

Here we go.

PID 1284

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018
Ran by Erik (11-01-2018 23:52:03) Run:6
Running from C:\Documents and Settings\Erik\Desktop
Loaded Profiles: Erik (Available Profiles: Erik & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c}
cmd: tasklist /m /fi "IMAGENAME eq svchost.exe"
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} => not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} => not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} => not found

========= tasklist /m /fi "IMAGENAME eq svchost.exe" =========


Image Name                   PID Modules                                      
========================= ====== =============================================
svchost.exe                 1188 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,        
                                 rpcss.dll, WS2_32.dll, WS2HELP.dll,          
                                 xpsp2res.dll, CLBCATQ.DLL, COMRes.dll,       
                                 WTSAPI32.dll, WINSTA.dll, NETAPI32.dll,      
                                 msv1_0.dll, cryptdll.dll, iphlpapi.dll,      
                                 msi.dll, termsrv.dll, ICAAPI.dll,            
                                 SETUPAPI.dll, WINTRUST.dll, CRYPT32.dll,     
                                 MSASN1.dll, IMAGEHLP.dll, AUTHZ.dll,         
                                 mstlsapi.dll, ACTIVEDS.dll, adsldpc.dll,     
                                 ATL.DLL, REGAPI.dll, rsaenh.dll, Apphelp.dll
svchost.exe                 1248 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 rpcss.dll, WS2_32.dll, WS2HELP.dll,          
                                 xpsp2res.dll, rsaenh.dll, mswsock.dll,       
                                 hnetcfg.dll, wshtcpip.dll, DNSAPI.dll,       
                                 iphlpapi.dll, winrnr.dll, WLDAP32.dll,       
                                 rasadhlp.dll, CLBCATQ.DLL, COMRes.dll,       
                                 msi.dll                                      
svchost.exe                 1288 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,        
                                 xpsp2res.dll, shsvcs.dll, WINSTA.dll,        
                                 NETAPI32.dll, dhcpcsvc.dll, DNSAPI.dll,      
                                 WS2_32.dll, WS2HELP.dll, iphlpapi.dll,       
                                 rsaenh.dll, wzcsvc.dll, rtutils.dll,         
                                 WMI.dll, CRYPT32.dll, MSASN1.dll,            
                                 EapolQec.dll, ATL.DLL, QUtil.dll,            
                                 MSVCP60.dll, dot3api.dll, WTSAPI32.dll,      
                                 ESENT.dll, CLBCATQ.DLL, COMRes.dll,          
                                 rastls.dll, CRYPTUI.dll, WININET.dll,        
                                 Normaliz.dll, urlmon.dll, iertutil.dll,      
                                 WINTRUST.dll, IMAGEHLP.dll, MPRAPI.dll,      
                                 ACTIVEDS.dll, adsldpc.dll, SETUPAPI.dll,     
                                 RASAPI32.dll, rasman.dll, TAPI32.dll,        
                                 SCHANNEL.dll, WinSCard.dll, PSAPI.DLL,       
                                 raschap.dll, msv1_0.dll, cryptdll.dll,       
                                 schedsvc.dll, NTDSAPI.dll, MSIDLE.DLL,       
                                 audiosrv.dll, WZCSAPI.DLL, wkssvc.dll,       
                                 cryptsvc.dll, certcli.dll, dmserver.dll,     
                                 ersvc.dll, es.dll, pchsvc.dll, hidserv.dll,  
                                 HID.DLL, srvsvc.dll, netman.dll,             
                                 netshell.dll, credui.dll, dot3dlg.dll,       
                                 OneX.DLL, eappcfg.dll, eappprxy.dll,         
                                 HNETCFG.DLL, mswsock.dll, wshtcpip.dll,      
                                 upnp.dll, WINHTTP.dll, SSDPAPI.dll,          
                                 netcfgx.dll, CLUSAPI.dll, wbemcomn.dll,      
                                 rasmans.dll, Sens.dll, WINIPSEC.DLL,         
                                 seclogon.dll, srsvc.dll, POWRPROF.dll,       
                                 browser.dll, wuauserv.dll, wmisvc.dll,       
                                 VSSAPI.DLL, wuaueng.dll, WINSPOOL.DRV,       
                                 Cabinet.dll, mspatcha.dll, w32time.dll,      
                                 trkwks.dll, SXS.DLL, sfc.dll, sfc_os.dll,    
                                 comsvcs.dll, colbact.DLL, MTXCLU.DLL,        
                                 WSOCK32.dll, RESUTILS.DLL, ipnathlp.dll,     
                                 AUTHZ.dll, Apphelp.dll, wscsvc.dll, msi.dll,
                                 wbemcore.dll, esscli.dll, FastProx.dll,      
                                 wmiutils.dll, repdrvfs.dll, wmiprvsd.dll,    
                                 NCObjAPI.DLL, wbemess.dll, wups2.dll,        
                                 ncprov.dll, tapisrv.dll, rastapi.dll,        
                                 unimdm.tsp, uniplat.dll, unimdmat.dll,       
                                 modemui.dll, qmgr.dll, MPR.dll,              
                                 SHFOLDER.dll, kmddsp.tsp, rasadhlp.dll,      
                                 ndptsp.tsp, ipconf.tsp, h323.tsp,            
                                 hidphone.tsp, rasppp.dll, ntlsapi.dll,       
                                 kerberos.dll, RASQEC.DLL, RASDLG.dll,        
                                 advpack.dll, catsrvut.dll, catsrv.dll,       
                                 MfcSubs.dll, wbemsvc.dll, mlang.dll,         
                                 xmlprovi.dll                                 
svchost.exe                 1380 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 dnsrslvr.dll, DNSAPI.dll, WS2_32.dll,        
                                 WS2HELP.dll, iphlpapi.dll, rsaenh.dll,       
                                 mswsock.dll, hnetcfg.dll, wshtcpip.dll       
svchost.exe                 1540 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,        
                                 xpsp2res.dll, lmhsvc.dll, iphlpapi.dll,      
                                 WS2_32.dll, WS2HELP.dll, ssdpsrv.dll,        
                                 hnetcfg.dll, CLBCATQ.DLL, COMRes.dll,        
                                 mswsock.dll, wshtcpip.dll                    
svchost.exe                 1316 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,        
                                 xpsp2res.dll, webclnt.dll, WININET.dll,      
                                 Normaliz.dll, urlmon.dll, iertutil.dll,      
                                 WS2_32.dll, WS2HELP.dll, rsaenh.dll          
svchost.exe                 3088 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 wiaservc.dll, CFGMGR32.dll, setupapi.DLL,    
                                 mscms.dll, WINSPOOL.DRV, WINSTA.dll,         
                                 NETAPI32.dll, xpsp2res.dll, CLBCATQ.DLL,     
                                 COMRes.dll, WINTRUST.dll, CRYPT32.dll,       
                                 MSASN1.dll, IMAGEHLP.dll, actxprxy.dll,      
                                 sti.dll                                      

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9319 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 1066 B
Windows/system/dllcache/drivers => 963927 B
Edge => 0 B
Chrome => 0 B
Firefox => 114318312 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 0 B
All Users => 0 B
systemprofile => 0 B
LocalService => 692 B
NetworkService => 66228 B
Erik => 1220953 B
Administrator => 0 B

RecycleBin => 27099 B
EmptyTemp: => 111.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:05:28 ====



#5 Oh My!


Posted 12 January 2018 - 09:46 AM

Greetings Erik.

I am assuming you mean 1248.

PID 1284


All of those entries are legitimate.

Please boot into Safe Mode with Networking and let me know how your computer performs.
Gary
 

#6 atomicsocks


Posted 12 January 2018 - 11:38 AM

I double checked and the troublesome svchost is definitely PID 1284.

Currently in safe mode.

Runs at normal speed and task manager shows that particular svchost not running.



#7 Oh My!


Posted 12 January 2018 - 07:09 PM

Hi Erik.

Boot normally then open the Task Manager Processes tab. Click on PID so they are listed in numerical order. Please provide the information on PID 1284.
Gary
 

#8 atomicsocks


Posted 13 January 2018 - 08:24 AM

Now it's listed as PID 1280 /user name system /session id 0 /CPU 98 /mem usage 90,536k /page faults 87,486 /VM size 79,608

 

Did you need the info from every single column?



#9 Oh My!


Posted 13 January 2018 - 08:45 PM

Thank you, that is all I need for now.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Clean Boot

--------------------
  • Press the Windows Key + R on your keyboard at the same time.
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Computer performance?

Gary
 

#10 atomicsocks


Posted 14 January 2018 - 08:48 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 13.01.2018 01
Ran by Erik (14-01-2018 07:39:27) Run:7
Running from C:\Documents and Settings\Erik\Desktop
Loaded Profiles: Erik (Available Profiles: Erik & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
*****************

Restore point was successfully created.

==== End of Fixlog 07:40:53 ====

 

 

Still slow, and that one svchost is still using all the cpu juice. Won't let me change the priority setting on it either. That was one of the first things I tried when this problem came back.

Upping the priority on my browser a step at least makes it functional enough to use the net. Otherwise I'd have trouble even coming here for help in the first place.



#11 Oh My!


Posted 14 January 2018 - 05:22 PM

Please do this.

===================================================

Process Explorer Report

--------------------
  • Please download Process Explorer.zip and save it to your desktop
  • Unzip the folder to your Desktop
  • Double click procexp.exe
  • Left click on System
  • Click File, Save As..., and save the document to your Desktop
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Process Explorer file

Gary
 

#12 atomicsocks


Posted 15 January 2018 - 03:57 AM

Did you want me to restart normally before doing this? I'm still running on the selective startup you had me do before.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process        0 K    28 K    0        
System        0 K    260 K    4        
 Interrupts    3.13    0 K    0 K    n/a    Hardware Interrupts and DPCs    
 smss.exe        172 K    432 K    528    Windows NT Session Manager    Microsoft Corporation
  csrss.exe        1,636 K    4,648 K    652    Client Server Runtime Process    Microsoft Corporation
  winlogon.exe        8,028 K    5,356 K    980    Windows NT Logon Application    Microsoft Corporation
   services.exe        1,708 K    3,480 K    1024    Services and Controller app    Microsoft Corporation
    svchost.exe        3,252 K    5,520 K    1188    Generic Host Process for Win32 Services    Microsoft Corporation
     wmiprvse.exe        2,356 K    5,064 K    1384        
    svchost.exe        1,856 K    4,576 K    1248    Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    96.88    80,332 K    91,528 K    1288    Generic Host Process for Win32 Services    Microsoft Corporation
     wuauclt.exe        11,840 K    65,840 K    1696    Windows Update    Microsoft Corporation
     wscntfy.exe        552 K    2,096 K    836    Windows Security Center Notification App    Microsoft Corporation
    svchost.exe        5,392 K    7,764 K    1364    Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe        1,484 K    3,960 K    1480    Generic Host Process for Win32 Services    Microsoft Corporation
    spoolsv.exe        3,140 K    4,924 K    196    Spooler SubSystem App    Microsoft Corporation
    svchost.exe        1,352 K    3,916 K    312    Generic Host Process for Win32 Services    Microsoft Corporation
    alg.exe        1,204 K    3,704 K    1464    Application Layer Gateway Service    Microsoft Corporation
   lsass.exe        3,964 K    1,792 K    1036    LSA Shell (Export Version)    Microsoft Corporation
explorer.exe        26,280 K    36,124 K    1912    Windows Explorer    Microsoft Corporation
 firefox.exe        678,520 K    574,112 K    1860    Firefox    Mozilla Corporation
 SketchUp.exe        59,836 K    4,952 K    2948    SketchUp Application    Trimble Navigation Limited
 procexp.exe        13,192 K    9,276 K    3304    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
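
A small helper for reading a listing like the one above, added here as an example (it is not from this thread, from Gary, or from Sysinternals): it parses the tab-separated text that Process Explorer writes with File > Save, rebuilds the parent/child tree from the indentation of the Process column, and reports every row at or above a CPU threshold together with its children, so the 96.88% svchost.exe (PID 1288) is listed with the wuauclt.exe and wscntfy.exe rows beneath it. SAMPLE is a constructed excerpt of that listing, and the handling of a "< 0.01" CPU cell is an assumption about how Process Explorer prints very small values.

```python
"""Added example: parse a Process Explorer text export (File > Save) and tie a CPU hog to its children."""
from dataclasses import dataclass, field

# Constructed excerpt modelled on the listing above (not the full log): tab-separated, one leading space per tree level.
SAMPLE = """\
Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name
 smss.exe\t\t172 K\t432 K\t528\tWindows NT Session Manager\tMicrosoft Corporation
  winlogon.exe\t\t8,028 K\t5,356 K\t980\tWindows NT Logon Application\tMicrosoft Corporation
   services.exe\t\t1,708 K\t3,480 K\t1024\tServices and Controller app\tMicrosoft Corporation
    svchost.exe\t\t3,252 K\t5,520 K\t1188\tGeneric Host Process for Win32 Services\tMicrosoft Corporation
     wmiprvse.exe\t\t2,356 K\t5,064 K\t1384\t\t
    svchost.exe\t96.88\t80,332 K\t91,528 K\t1288\tGeneric Host Process for Win32 Services\tMicrosoft Corporation
     wuauclt.exe\t\t11,840 K\t65,840 K\t1696\tWindows Update\tMicrosoft Corporation
     wscntfy.exe\t\t552 K\t2,096 K\t836\tWindows Security Center Notification App\tMicrosoft Corporation
    svchost.exe\t\t5,392 K\t7,764 K\t1364\tGeneric Host Process for Win32 Services\tMicrosoft Corporation
explorer.exe\t\t26,280 K\t36,124 K\t1912\tWindows Explorer\tMicrosoft Corporation
"""

@dataclass
class Proc:
    name: str
    cpu: float          # percent; a blank cell is read as 0.0
    pid: str            # kept as text: the Interrupts/DPCs row shows "n/a"
    depth: int          # number of leading spaces in the Process column
    children: list = field(default_factory=list)

def _cpu(cell):
    """'96.88' -> 96.88; '' -> 0.0; '< 0.01' (assumed display for tiny values) -> 0.01."""
    cell = cell.lstrip("< ")
    return float(cell) if cell else 0.0

def parse_procexp(text):
    """Rebuild parent/child links from the indentation of each row."""
    procs, stack = [], []                  # stack = ancestors of the current row
    for line in filter(str.strip, text.splitlines()[1:]):   # skip the header row
        cols = (line.split("\t") + [""] * 5)[:5]
        depth = len(cols[0]) - len(cols[0].lstrip(" "))
        p = Proc(cols[0].strip(), _cpu(cols[1]), cols[4], depth)
        while stack and stack[-1].depth >= depth:
            stack.pop()                    # climb back up to this row's parent
        if stack:
            stack[-1].children.append(p)
        stack.append(p)
        procs.append(p)
    return procs

def cpu_hogs(procs, threshold=50.0):
    """(name, pid, cpu, child names) for every row at or above the threshold."""
    return [(p.name, p.pid, p.cpu, [c.name for c in p.children])
            for p in procs if p.cpu >= threshold]
```

Run against a real export, the output pairs a busy service host with the rows Process Explorer shows under it, which is the comparison the next posts ask for between the clean-boot and normal-boot listings.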

 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,450 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:02:05 PM

Posted 15 January 2018 - 08:53 AM

I want to compare, so now do this, then run the Process Explorer steps again.

===================================================

Reversing Clean Boot State via System Restore

--------------------
  • Please follow these steps and restore your computer back to the Clean Boot Restore Point
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Process Explorer list

Edited by Oh My!, 15 January 2018 - 09:38 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#14 atomicsocks

atomicsocks
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:04:05 PM

Posted 15 January 2018 - 11:00 AM

I thought the Process Explorer report I just did was the clean boot one? Or did you just mean for me to restore back to a few days ago with a normal boot and then do the scan with Process Explorer?



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,450 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:02:05 PM

Posted 15 January 2018 - 05:40 PM

Yes, the System Restore Point steps will revert your computer back to before you changed the settings.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
