
When computer freezes on certain websites, I am disconnected from internet.


  • This topic is locked
22 replies to this topic

#1 Tim1731


Posted 19 March 2018 - 01:20 PM

Hi to everyone.

When I go to a website and the page refuses to load, I close it down. Then I get the message, "Firefox is not responding". When I shut down the faulty page, of course all of my other open tabs close down also. So then I try to reconnect to the internet, but I cannot. The only way for me to get back on the web is to restart the computer.

Then to compound whatever this problem is, I made a mistake and called a fake Yahoo number last week. I have been unable to get into my e-mail account because I keep getting an "Invalid ID" message. So I was trying to get this fixed. The person on the phone used a remote program called GotoAssist to "search for the problem". I knew I had messed up in the middle of the call. The post is in the "Am I infected" forum. So I was already having problems, and now I'm not sure if this person installed something else on my computer.

I've already done scans with Malwarebytes, SuperAntiSpyware, CCleaner, and ESET. The ESET scan found a Trojan Tracur that could be remnants of one I had years ago.

FRST scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by JT (administrator) on TEAGUE (19-03-2018 11:14:06)
Running from C:\Documents and Settings\JT\Desktop
Loaded Profiles: JT  (Available Profiles: Elaine & JT & Terri & Guest Access & Booker & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [BellSouthAlertManager.exe] => C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe [1896448 2006-01-10] (BellSouth)
HKLM\...\Run: [HelpCenter] => C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe [192512 2006-10-30] (SupportSoft, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-09] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844848 2018-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [12762872 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Policies\Explorer: [EditLevel] 0
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-18\...\RunOnce: [SWHelper] => C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe [53248 2010-08-23] ()
Lsa: [Notification Packages] scecli scecli scecli scecli scecli
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk [2005-06-01]
ShortcutTarget: America Online 9.0 Tray Icon.lnk -> C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3133748A-A2D1-48E8-B45C-75494EA233F3}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-110530747-2245437320-93801351-1007 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-110530747-2245437320-93801351-1007 -> {FEAAD194-B719-4200-ADD8-2CB6EA13B998} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-110530747-2245437320-93801351-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2005-01-12] (Hewlett-Packard Company)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2004-09-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default [2018-03-19]
FF Homepage: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default -> hxxp://www.msn.com/
FF NetworkProxy: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default -> type", 0
FF Extension: (Avast SafePrice) - C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\Extensions\sp@avast.com.xpi [2018-03-09]
FF Extension: (Avast Online Security) - C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\Extensions\wrc@avast.com.xpi [2017-10-09]
FF Extension: (Yahoo Toolbar and New Tab) - C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}.xpi [2017-05-04] [Legacy]
FF Extension: (Adblock Plus) - C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF SearchPlugin: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\searchplugins\yahoo-avast.xml [2014-06-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-28] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-15] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-03-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Booker T\Application Data\Move Networks\plugins\npqmp071705000014.dll [2010-01-24] (Move Networks)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-07-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-07-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-07-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-07-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-07-15] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-03-14]
CHR Extension: (Slides) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-06]
CHR Extension: (Docs) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-10]
CHR Extension: (Google Drive) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]
CHR Extension: (YouTube) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]
CHR Extension: (Sheets) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-14]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-22]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-14]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-25]
CHR Extension: (Gmail) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-10] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-09] (Adobe Systems Incorporated) [File not signed]
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [1135728 2004-04-07] (America Online, Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-09] (AVAST Software)
S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [389120 2004-08-25] () [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-09] (AVAST Software)
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
S2 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S2 gupdate1c9c1062820fd4; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
S2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
S2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-09] (AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-09] (AVAST Software)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-09] (AVAST Software)
S0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-09] (AVAST Software)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-09] (AVAST Software)
S1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [39784 2017-08-31] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-09] (AVAST Software)
R1 AswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-09] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-09] (AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-09] (AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-09] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-09] (AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-09] (AVAST Software)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
S2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP)
S3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [151328 2018-02-21] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2018-03-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2018-03-19] (Malwarebytes)
S2 MCSTRM; C:\WINDOWS\system32\Drivers\MCSTRM.sys [8413 2006-12-27] (RealNetworks, Inc.) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S2 npkcrypt; C:\Program Files\NEXON\MapleStory\npkcrypt.sys [23217 2006-11-20] (INCA Internet Co., Ltd.) [File not signed]
R3 npkcusb; C:\Program Files\NEXON\MapleStory\npkcusb.sys [15472 2006-11-09] (INCA Internet Co., Ltd.) [File not signed]
S2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
S2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
S2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 11:14 - 2018-03-19 11:14 - 000024059 _____ C:\Documents and Settings\JT \Desktop\FRST.txt
2018-03-19 11:12 - 2018-03-19 11:14 - 000000000 ____D C:\FRST
2018-03-19 11:09 - 2018-03-19 11:09 - 001764352 _____ (Farbar) C:\Documents and Settings\JT\Desktop\FRST.exe
2018-03-15 01:02 - 2018-03-15 01:02 - 000001946 _____ C:\Documents and Settings\JT\Desktop\eset.txt
2018-03-14 22:02 - 2018-03-14 22:02 - 006968952 _____ (ESET spol. s r.o.) C:\Documents and Settings\JT\Desktop\esetonlinescanner_enu.exe
2018-03-14 16:46 - 2018-03-16 16:04 - 000016562 _____ C:\WINDOWS\SchedLgU.Txt
2018-03-14 09:45 - 2018-03-19 10:54 - 000375462 _____ C:\WINDOWS\ntbtlog.txt
2018-03-14 01:54 - 2018-03-14 01:54 - 000001240 _____ C:\Documents and Settings\JT\Desktop\bytes.txt
2018-03-13 22:47 - 2018-03-16 16:00 - 000000286 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-03-13 22:47 - 2018-03-13 22:47 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2018-03-13 15:10 - 2018-03-13 15:10 - 000001195 _____ C:\Documents and Settings\JT\Desktop\nicetry.txt
2018-03-13 13:48 - 2018-03-13 13:48 - 000000000 ____D C:\Documents and Settings\JT\Local Settings\Application Data\GoToAssist Remote Support Customer
2018-03-13 13:48 - 2018-03-13 13:48 - 000000000 ____D C:\Documents and Settings\JT\Local Settings\Application Data\GoTo Opener
2018-03-10 02:47 - 2018-03-16 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-10 02:47 - 2018-03-10 02:47 - 000000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2018-03-10 02:47 - 2018-03-10 02:47 - 000000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2018-03-10 02:27 - 2018-03-10 02:29 - 045462072 _____ (Mozilla) C:\Documents and Settings\JT\Desktop\Firefox Setup 52.6.0esr.exe
2018-03-09 22:43 - 2018-03-09 22:42 - 000319392 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 11:14 - 2013-08-16 17:59 - 000000000 ____D C:\Documents and Settings\JT\Local Settings\temp
2018-03-19 11:09 - 2010-08-16 05:39 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2018-03-19 10:50 - 2017-12-11 15:19 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-19 10:49 - 2017-12-11 15:19 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-03-19 10:49 - 2004-08-11 18:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-03-17 01:13 - 2005-06-20 11:33 - 000000178 ___SH C:\Documents and Settings\JT\ntuser.ini
2018-03-16 16:25 - 2012-09-24 09:23 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-16 16:04 - 2004-08-11 18:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-16 16:03 - 2005-06-20 11:33 - 000000000 ____D C:\Documents and Settings\JT
2018-03-16 16:02 - 2016-06-13 11:15 - 000000462 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1465830901.job
2018-03-16 16:01 - 2014-03-28 02:12 - 000000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2018-03-16 16:01 - 2011-12-06 00:50 - 000000284 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1007.job
2018-03-16 16:01 - 2011-04-04 11:10 - 000000292 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1009.job
2018-03-16 16:01 - 2010-08-17 01:34 - 000000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job
2018-03-16 16:01 - 2010-04-24 16:15 - 000000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1008.job
2018-03-16 16:01 - 2010-03-14 09:14 - 000000284 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1011.job
2018-03-16 16:01 - 2010-03-07 13:08 - 000000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1006.job
2018-03-16 16:01 - 2009-07-01 00:49 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-03-16 16:00 - 2017-04-16 16:30 - 000000310 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-14 22:03 - 2017-07-12 01:39 - 000000000 ____D C:\Documents and Settings\JT\Local Settings\Application Data\ESET
2018-03-13 22:56 - 2006-06-02 18:03 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-13 22:49 - 2017-06-28 16:45 - 000000000 ____D C:\Documents and Settings\JT\Application Data\HaoZip
2018-03-13 22:47 - 2013-07-14 16:05 - 000000000 ____D C:\Program Files\CCleaner
2018-03-13 22:47 - 2013-07-08 14:06 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2018-03-13 15:10 - 2009-07-28 11:58 - 000000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3098DA4A-FE05-4998-841F-6C5DE24BD70A}.job
2018-03-13 15:06 - 2012-06-22 12:39 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-03-13 14:50 - 2009-07-01 00:49 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-03-13 14:00 - 2017-01-17 12:25 - 000000000 _____ C:\WINDOWS\system32\last.dump
2018-03-13 01:34 - 2010-08-17 01:34 - 000000288 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2018-03-12 10:53 - 2004-08-11 18:07 - 000622496 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-09 23:10 - 2012-04-08 16:26 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-03-09 23:10 - 2011-06-07 16:31 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-03-09 23:09 - 2004-08-11 18:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-09 22:47 - 2004-08-11 18:02 - 000000000 ____D C:\WINDOWS\inf
2018-03-09 22:43 - 2017-11-10 11:48 - 000167040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-09 22:43 - 2015-08-12 11:57 - 000205344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-09 22:43 - 2014-05-05 16:13 - 000042808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000391856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000310784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000124392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000070816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000070576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-09 22:41 - 2017-12-21 11:08 - 000169536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-09 22:41 - 2017-04-16 16:29 - 000276688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-09 22:41 - 2017-04-16 16:29 - 000185432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-09 22:41 - 2017-04-16 16:29 - 000157368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-09 22:41 - 2017-04-16 16:29 - 000050336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-09 22:41 - 2013-09-26 17:54 - 000783608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-09 10:36 - 2014-03-28 02:12 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2018-02-26 20:24 - 2016-05-30 13:04 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
2018-02-21 16:23 - 2017-12-11 15:19 - 000151328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

==================== Files in the root of some directories =======

2013-07-30 14:44 - 2013-07-30 15:10 - 000000277 _____ () C:\Documents and Settings\JT\reset.bat
2013-09-13 13:09 - 2013-09-13 15:38 - 000000160 _____ () C:\Documents and Settings\JT \Application Data\burnaware.ini
2005-08-28 13:44 - 2005-08-28 13:44 - 000000000 ____C () C:\Documents and Settings\JT\Application Data\wklnhst.dat
2007-04-13 21:10 - 2007-04-13 21:10 - 000000131 _____ () C:\Documents and Settings\JT\Local Settings\Application Data\fusioncache.dat
2011-05-14 14:12 - 2011-05-14 17:52 - 000015556 ___SH () C:\Documents and Settings\JT\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
2005-11-06 00:08 - 2012-01-14 10:08 - 000002843 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Some files in TEMP:
====================
2014-05-07 14:02 - 2014-05-07 14:02 - 000041984 _____ () C:\Documents and Settings\JT\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7izwxy.dll
2015-05-12 11:38 - 2015-05-16 03:36 - 007171708 _____ () C:\Documents and Settings\JT\Local Settings\temp\{87836FB9-F96F-4AF8-8660-2CDA48D69393}-42.0.2311.152_chrome_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by JT  (19-03-2018 11:16:27)
Running from C:\Documents and Settings\JT\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-06-12 16:51:51)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-110530747-2245437320-93801351-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Booker (S-1-5-21-110530747-2245437320-93801351-1011 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Booker
Elaine (S-1-5-21-110530747-2245437320-93801351-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Elaine
Guest (S-1-5-21-110530747-2245437320-93801351-501 - Limited - Disabled)
Guest Access (S-1-5-21-110530747-2245437320-93801351-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest Access
HelpAssistant (S-1-5-21-110530747-2245437320-93801351-1004 - Limited - Disabled)
JT (S-1-5-21-110530747-2245437320-93801351-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JT
SUPPORT_388945a0 (S-1-5-21-110530747-2245437320-93801351-1002 - Limited - Disabled)
Taryn (S-1-5-21-110530747-2245437320-93801351-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Terri

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2345好压 (HKLM\...\HaoZip) (Version: v5.9 - 2345.com)
4200 (HKLM\...\{34611BCF-3157-405b-A34E-879C7DC79142}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
4200_Help (HKLM\...\{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}) (Version: 40.0.105.000 -  Hewlett-Packard) Hidden
4200Tour (HKLM\...\{9A0DCD97-9648-45ed-A52C-133C728AB2FF}) (Version: 40.0.105.000 -  Hewlett-Packard) Hidden
4200Trb (HKLM\...\{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}) (Version: 40.0.105.000 -  Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AiO_Scan (HKLM\...\{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AIOMinimal (HKLM\...\{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AiOSoftware (HKLM\...\{63F2408D-A675-4d97-A256-70EACB6B9B4A}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AOL Coach Version 1.0(Build:20040229.1 en) (HKLM\...\AOLCoach) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - )
AOLIcon (HKLM\...\{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}) (Version: 1.00.0000 - Dell) Hidden
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5120 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.051-040825a-017900C-Dell - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
BellSouth Application Management (HKLM\...\BellSouth Application Management) (Version:  - )
BellSouth Internet Security - Alert Manager 1.3.20 (HKLM\...\RadialpointClientGateway_is1) (Version: 1.3.20 - Bellsouth)
BellSouth® FastAccess® DSL Help Center 4.0 (HKLM\...\BellsouthHelpCenter4_is1) (Version: 4.0.29 - BellSouth)
Best Buy Digital Music Store (HKLM\...\Best Buy Digital Music Store) (Version:  - )
Best Buy Rhapsody (HKLM\...\Best Buy Rhapsody) (Version:  - )
BurnAware Free 6.4 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Copy (HKLM\...\{48242276-DB89-42e8-9678-BD4280D7B99A}) (Version: 5.35.0.065 - Hewlett-Packard) Hidden
CouponBar (HKLM\...\TTB000001.TTB000001Toolbar) (Version:  - ) <==== ATTENTION
CreativeProjects (HKLM\...\{9B03C535-3AEA-4ef2-B326-0A01A2207034}) (Version: 5.35.0.059 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.00 - Dell)
Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version:  - )
Dell Photo Printer 720 Logger (HKLM\...\Dell Photo Printer 720 Logger) (Version: 1.0 - Dell)
Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
Director (HKLM\...\{723C033E-63EA-4227-BAB2-0AA8693C16EB}) (Version: 5.35.0.051 - Hewlett-Packard) Hidden
DocProc (HKLM\...\{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}) (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EarthLink setup files (HKLM\...\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}) (Version: 2005.1.47.0 - EarthLink)
Fax (HKLM\...\{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
Get High Speed Internet! (HKLM\...\{7A3F0566-5E05-4919-9C98-456F6B5CF831}) (Version: 1.00.0000 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
HP Image Zone 3.5 (HKLM\...\HP Photo & Imaging) (Version: 3.5 - HP)
HP PSC & OfficeJet 3.5 (HKLM\...\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}) (Version: 3.5 - HP)
HP Unload DLL Patch (HKLM\...\{595D0DE8-C38A-4432-B851-47DECC1A99BD}) (Version: 1.00.0000 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPSystemDiagnostics (HKLM\...\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}) (Version: 1.5.0.0 - Your Company Name) Hidden
InstantShare (HKLM\...\{745A92AF-53B4-41A7-91C3-9B026B1D5897}) (Version: 3.5.0.21 - Hewlett-Packard) Hidden
InstantShareAlert (HKLM\...\{069730C2-755A-485B-A205-27A1AAFA836A}) (Version: 1.00.0000 - HP) Hidden
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC}) (Version: 18.3.62.0 - Intel)
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Internet Explorer Default Page (HKLM\...\{35BDEFF1-A610-4956-A00D-15453C116395}) (Version: 1.00.03 - Dell Inc.) Hidden
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.4 - Jasc Software, Inc.)
Jasc Paint Shop Photo Album 5 (HKLM\...\{4192EAC0-6B36-4723-B216-D0E86E7757AC}) (Version: 5.21 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MapleStory (HKLM\...\{DEC511B1-59CB-4F15-AD75-0543034572A5}) (Version:  - )
MapleStory (HKLM\...\{F99C5427-4D78-43E2-B97E-F4C4E622D612}) (Version: 035 - Nexon)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2005 (HKLM\...\{05410044-64A6-4248-A026-9745C1E9E159}) (Version: 2005 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{AC388C78-2619-452C-BFBE-FABCC3194387}) (Version: 8.0.6362.149 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Streets and Trips 2005 (HKLM\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM\...\Works2005Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.28 - BVRP Software)
Mozilla Firefox 52.7.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.7.2 ESR (x86 en-US)) (Version: 52.7.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.2.6648 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicmatch® Jukebox (HKLM\...\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}) (Version: 9.00.5100 - )
My Way Search Assistant (HKLM\...\{78D944D7-A97B-4004-AB0A-B5AD06839940}) (Version: 1.0.256 - MyWay.com) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
NetZeroInstallers (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
overland (HKLM\...\{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}) (Version: 2.1.6.2 - HP) Hidden
Overland (HKLM\...\{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}) (Version: 2.1.4 - Hewlett-Packard) Hidden
PassAlong Software (HKLM\...\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}) (Version: 2.2.04 - PassAlong Music Store)
Photo Click (HKLM\...\{6E179C77-7335-458D-9537-4F4EAC0181ED}) (Version: 1.0.0 - Photo Click)
PhotoGallery (HKLM\...\{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}) (Version: 5.35.0.059 - Hewlett-Packard) Hidden
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PrintScreen (HKLM\...\{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}) (Version: 5.35.0.035 - Hewlett-Packard) Hidden
QFolder (HKLM\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell)
QuickBooks Simple Start Special Edition (HKLM\...\{14374619-0900-4056-BA06-C87C900AF9E6}) (Version:  - )
QuickProjects (HKLM\...\{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}) (Version: 5.35.0.047 - Hewlett-Packard) Hidden
Readme (HKLM\...\{A2500497-FD32-493e-B8E5-28D6728DBEF5}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
RealUpgrade 1.0 (HKLM\...\{F4F4F84E-804F-4E9A-84D7-C34283F0088F}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
REXplorer Component Upgrade (HKLM\...\{A639BD63-8CE6-11D5-B4CC-00105A07274A}) (Version:  - )
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Scan (HKLM\...\{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}) (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
SkinsHP1 (HKLM\...\{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}) (Version: 5.35.0.043 - Hewlett-Packard) Hidden
SkinsHP2 (HKLM\...\{BC339BFD-F550-471a-8D26-4D08126C62F7}) (Version: 5.35.0.043 - Hewlett-Packard) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
TBS WMP Plug-in (HKLM\...\{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}) (Version: 1.00.518 - CNN) Hidden
TBS WMP Plug-in (HKLM\...\InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}) (Version: 1.00.518 - CNN)
TrayApp (HKLM\...\{81DD5688-695A-4c1d-AE7D-368BF857725A}) (Version: 5.35.0.035 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.6.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.16 - Tweaking.com)
Unload (HKLM\...\{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}) (Version: 3.5.0 - Hewlett-Packard) Hidden
VC_CRT_x86 (HKLM\...\{8054D734-39C7-463D-B764-9C883982B8F9}) (Version: 1.02.0000 - Intel Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{FBBF532A-47AC-457d-AC06-0D3163D8911E}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Upgrade (HKLM\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\JT\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\JT\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\JT \Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\JT \Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\JT \Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\JT \Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers1: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll -> No File
ContextMenuHandlers2: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers6: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-110530747-2245437320-93801351-1007: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-110530747-2245437320-93801351-1007: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-110530747-2245437320-93801351-1007: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1011.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1011.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1465830901.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{3098DA4A-FE05-4998-841F-6C5DE24BD70A}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebReg 20120114091854.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\JT\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\remove_symbolic_links_from_windows_defender_folder.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\remove_symbolic_links_from_windows_defender_folder.bat ()
Shortcut: C:\Documents and Settings\JT\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2004-08-11 18:00 - 2004-08-04 06:00 - 000015360 _____ () C:\WINDOWS\system32\tsd32.dll
2017-12-11 15:18 - 2017-11-29 10:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2004-08-11 18:00 - 2013-01-02 02:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Classes\exefile: "%1" %* <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-07-30 13:51 - 2017-12-07 00:23 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-110530747-2245437320-93801351-1007\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\JT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk => C:\WINDOWS\pss\dlbcserv.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATIPTA => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: mmtask => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
MSCONFIG\startupreg: MMTray => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\LEXPPS.EXE] => Disabled:LEXPPS.EXE
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\JT\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2018 02:00:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.7.0.6640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/13/2018 12:41:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2018 12:43:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/05/2018 03:33:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/03/2018 02:29:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/27/2018 07:55:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/27/2018 07:40:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/23/2018 05:15:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/19/2018 10:49:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRvrt
aswSnx
aswSP
aswVmm
Fips
intelppm
mbamchameleon
SASDIFSV
SASKUTIL

Error: (03/19/2018 10:49:08 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/17/2018 01:13:00 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/16/2018 04:07:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRvrt
aswSnx
aswSP
aswVmm
ESProtectionDriver
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (03/16/2018 04:06:17 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/16/2018 04:03:26 PM) (Source: DCOM) (EventID: 10010) (User: TEAGUE)
Description: The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register with DCOM within the required timeout.

Error: (03/16/2018 04:01:40 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: The certificate received from the remote server does not contain the expected name.
It is therefore not possible to determine whether we are connecting to the
correct server. The server name we were expecting is au.avastbrowser.com. The SSL connection request has
failed. The attached data contains the server certificate.

Error: (03/16/2018 04:01:00 PM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 76%
Total physical RAM: 1022.07 MB
Available physical RAM: 240.91 MB
Total Virtual: 2462.02 MB
Available Virtual: 1827.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:70.21 GB) (Free:33.59 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=70.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.2 GB) - (Type=DB)

==================== End of Addition.txt ============================

 




 


#2 HelpBot


Posted 24 March 2018 - 01:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/673528 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Tim1731


Posted 26 March 2018 - 12:16 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by JT (administrator) on TEAGUE (26-03-2018 12:23:08)
Running from C:\Documents and Settings\JT\Desktop
Loaded Profiles: JT (Available Profiles: Elaine & JT & Terri & Guest Access & Booker & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [BellSouthAlertManager.exe] => C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe [1896448 2006-01-10] (BellSouth)
HKLM\...\Run: [HelpCenter] => C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe [192512 2006-10-30] (SupportSoft, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-09] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844848 2018-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [12762872 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Policies\Explorer: [EditLevel] 0
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-18\...\RunOnce: [SWHelper] => C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe [53248 2010-08-23] ()
Lsa: [Notification Packages] scecli scecli scecli scecli scecli
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk [2005-06-01]
ShortcutTarget: America Online 9.0 Tray Icon.lnk -> C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3133748A-A2D1-48E8-B45C-75494EA233F3}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-110530747-2245437320-93801351-1007 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-110530747-2245437320-93801351-1007 -> {FEAAD194-B719-4200-ADD8-2CB6EA13B998} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-110530747-2245437320-93801351-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2005-01-12] (Hewlett-Packard Company)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2004-09-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default [2018-03-26]
FF Homepage: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default -> hxxp://www.msn.com/
FF NetworkProxy: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default -> type", 0
FF Extension: (Avast SafePrice) - C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\Extensions\sp@avast.com.xpi [2018-03-09]
FF Extension: (Avast Online Security) - C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\Extensions\wrc@avast.com.xpi [2017-10-09]
FF Extension: (Yahoo Toolbar and New Tab) - C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}.xpi [2017-05-04] [Legacy]
FF Extension: (Adblock Plus) - C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF SearchPlugin: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\searchplugins\yahoo-avast.xml [2014-06-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-28] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-15] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-03-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Booker\Application Data\Move Networks\plugins\npqmp071705000014.dll [2010-01-24] (Move Networks)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-07-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-07-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-07-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-07-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-07-15] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-03-20]
CHR Extension: (Slides) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-06]
CHR Extension: (Docs) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-10]
CHR Extension: (Google Drive) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]
CHR Extension: (YouTube) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]
CHR Extension: (Sheets) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-14]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-22]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-14]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-25]
CHR Extension: (Gmail) - C:\Documents and Settings\JT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-10] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-09] (Adobe Systems Incorporated) [File not signed]
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [1135728 2004-04-07] (America Online, Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-09] (AVAST Software)
S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [389120 2004-08-25] () [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-09] (AVAST Software)
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
S2 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S2 gupdate1c9c1062820fd4; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
S2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
S2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-09] (AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-09] (AVAST Software)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-09] (AVAST Software)
S0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-09] (AVAST Software)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-09] (AVAST Software)
S1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [39784 2017-08-31] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-09] (AVAST Software)
R1 AswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-09] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-09] (AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-09] (AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-09] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-09] (AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-09] (AVAST Software)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
S2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP)
S3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [151328 2018-02-21] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2018-03-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2018-03-26] (Malwarebytes)
S2 MCSTRM; C:\WINDOWS\system32\Drivers\MCSTRM.sys [8413 2006-12-27] (RealNetworks, Inc.) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S2 npkcrypt; C:\Program Files\NEXON\MapleStory\npkcrypt.sys [23217 2006-11-20] (INCA Internet Co., Ltd.) [File not signed]
R3 npkcusb; C:\Program Files\NEXON\MapleStory\npkcusb.sys [15472 2006-11-09] (INCA Internet Co., Ltd.) [File not signed]
S2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
S2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
S2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) [File not signed]
S2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-26 12:23 - 2018-03-26 12:24 - 000024136 _____ C:\Documents and Settings\JT\Desktop\FRST.txt
2018-03-26 12:22 - 2018-03-26 12:22 - 001764352 _____ (Farbar) C:\Documents and Settings\JT\Desktop\FRST.exe
2018-03-19 11:12 - 2018-03-26 12:23 - 000000000 ____D C:\FRST
2018-03-15 01:02 - 2018-03-15 01:02 - 000001946 _____ C:\Documents and Settings\JT\Desktop\eset.txt
2018-03-14 22:02 - 2018-03-14 22:02 - 006968952 _____ (ESET spol. s r.o.) C:\Documents and Settings\JT\Desktop\esetonlinescanner_enu.exe
2018-03-14 16:46 - 2018-03-26 12:16 - 000032354 _____ C:\WINDOWS\SchedLgU.Txt
2018-03-14 09:45 - 2018-03-26 12:19 - 000953648 _____ C:\WINDOWS\ntbtlog.txt
2018-03-14 01:54 - 2018-03-14 01:54 - 000001240 _____ C:\Documents and Settings\JT\Desktop\bytes.txt
2018-03-13 22:47 - 2018-03-26 10:47 - 000000286 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-03-13 22:47 - 2018-03-13 22:47 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2018-03-13 15:10 - 2018-03-13 15:10 - 000001195 _____ C:\Documents and Settings\JT\Desktop\nicetry.txt
2018-03-13 13:48 - 2018-03-13 13:48 - 000000000 ____D C:\Documents and Settings\JT\Local Settings\Application Data\GoToAssist Remote Support Customer
2018-03-13 13:48 - 2018-03-13 13:48 - 000000000 ____D C:\Documents and Settings\JT\Local Settings\Application Data\GoTo Opener
2018-03-10 02:47 - 2018-03-16 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-10 02:47 - 2018-03-10 02:47 - 000000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2018-03-10 02:47 - 2018-03-10 02:47 - 000000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2018-03-10 02:27 - 2018-03-10 02:29 - 045462072 _____ (Mozilla) C:\Documents and Settings\JT\Desktop\Firefox Setup 52.6.0esr.exe
2018-03-09 22:43 - 2018-03-09 22:42 - 000319392 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-26 12:24 - 2013-08-16 17:59 - 000000000 ____D C:\Documents and Settings\JT\Local Settings\temp
2018-03-26 12:22 - 2010-08-16 05:39 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2018-03-26 12:19 - 2017-12-11 15:19 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-26 12:18 - 2017-12-11 15:19 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-03-26 12:18 - 2004-08-11 18:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-03-26 12:16 - 2004-08-11 18:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-26 12:15 - 2009-07-28 11:58 - 000000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3098DA4A-FE05-4998-841F-6C5DE24BD70A}.job
2018-03-26 12:15 - 2005-06-20 11:33 - 000000178 ___SH C:\Documents and Settings\JT\ntuser.ini
2018-03-26 12:15 - 2005-06-20 11:33 - 000000000 ____D C:\Documents and Settings\JT
2018-03-26 12:06 - 2012-06-22 12:39 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-03-26 12:04 - 2017-06-28 16:45 - 000000000 ____D C:\Documents and Settings\JT\Application Data\HaoZip
2018-03-26 11:50 - 2009-07-01 00:49 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-03-26 11:50 - 2009-07-01 00:49 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-03-26 10:46 - 2016-06-13 11:15 - 000000462 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1465830901.job
2018-03-26 10:45 - 2014-03-28 02:12 - 000000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2018-03-26 10:45 - 2011-12-06 00:50 - 000000284 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1007.job
2018-03-26 10:45 - 2011-04-04 11:10 - 000000292 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1009.job
2018-03-26 10:45 - 2010-08-17 01:34 - 000000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job
2018-03-26 10:45 - 2010-04-24 16:15 - 000000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1008.job
2018-03-26 10:45 - 2010-03-14 09:14 - 000000284 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1011.job
2018-03-26 10:45 - 2010-03-07 13:08 - 000000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1006.job
2018-03-26 10:44 - 2017-04-16 16:30 - 000000310 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-26 10:41 - 2017-01-17 12:25 - 000000000 _____ C:\WINDOWS\system32\last.dump
2018-03-26 10:21 - 2004-08-11 18:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-19 10:47 - 2012-09-24 09:23 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-14 22:03 - 2017-07-12 01:39 - 000000000 ____D C:\Documents and Settings\JT\Local Settings\Application Data\ESET
2018-03-13 22:56 - 2006-06-02 18:03 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-13 22:47 - 2013-07-14 16:05 - 000000000 ____D C:\Program Files\CCleaner
2018-03-13 22:47 - 2013-07-08 14:06 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2018-03-13 01:34 - 2010-08-17 01:34 - 000000288 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2018-03-12 10:53 - 2004-08-11 18:07 - 000622496 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-09 23:10 - 2012-04-08 16:26 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-03-09 23:10 - 2011-06-07 16:31 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-03-09 22:47 - 2004-08-11 18:02 - 000000000 ____D C:\WINDOWS\inf
2018-03-09 22:43 - 2017-11-10 11:48 - 000167040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-09 22:43 - 2015-08-12 11:57 - 000205344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-09 22:43 - 2014-05-05 16:13 - 000042808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000391856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000310784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000124392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000070816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-09 22:43 - 2013-09-26 17:54 - 000070576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-09 22:41 - 2017-12-21 11:08 - 000169536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-09 22:41 - 2017-04-16 16:29 - 000276688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-09 22:41 - 2017-04-16 16:29 - 000185432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-09 22:41 - 2017-04-16 16:29 - 000157368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-09 22:41 - 2017-04-16 16:29 - 000050336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-09 22:41 - 2013-09-26 17:54 - 000783608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-09 10:36 - 2014-03-28 02:12 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2018-02-26 20:24 - 2016-05-30 13:04 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp

==================== Files in the root of some directories =======

2013-07-30 14:44 - 2013-07-30 15:10 - 000000277 _____ () C:\Documents and Settings\JT\reset.bat
2013-09-13 13:09 - 2013-09-13 15:38 - 000000160 _____ () C:\Documents and Settings\JT\Application Data\burnaware.ini
2005-08-28 13:44 - 2005-08-28 13:44 - 000000000 ____C () C:\Documents and Settings\JT\Application Data\wklnhst.dat
2007-04-13 21:10 - 2007-04-13 21:10 - 000000131 _____ () C:\Documents and Settings\JT\Local Settings\Application Data\fusioncache.dat
2011-05-14 14:12 - 2011-05-14 17:52 - 000015556 ___SH () C:\Documents and Settings\JT\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
2005-11-06 00:08 - 2012-01-14 10:08 - 000002843 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Some files in TEMP:
====================
2014-05-07 14:02 - 2014-05-07 14:02 - 000041984 _____ () C:\Documents and Settings\JT\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7izwxy.dll
2015-05-12 11:38 - 2015-05-16 03:36 - 007171708 _____ () C:\Documents and Settings\JT\Local Settings\temp\{87836FB9-F96F-4AF8-8660-2CDA48D69393}-42.0.2311.152_chrome_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by JT  (26-03-2018 12:25:38)
Running from C:\Documents and Settings\JT\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-06-12 16:51:51)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-110530747-2245437320-93801351-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Booker (S-1-5-21-110530747-2245437320-93801351-1011 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Booker
Elaine (S-1-5-21-110530747-2245437320-93801351-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Elaine
Guest (S-1-5-21-110530747-2245437320-93801351-501 - Limited - Disabled)
Guest Access (S-1-5-21-110530747-2245437320-93801351-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest Access
HelpAssistant (S-1-5-21-110530747-2245437320-93801351-1004 - Limited - Disabled)
JT (S-1-5-21-110530747-2245437320-93801351-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JT
SUPPORT_388945a0 (S-1-5-21-110530747-2245437320-93801351-1002 - Limited - Disabled)
Terri (S-1-5-21-110530747-2245437320-93801351-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Terri

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2345好压 (HKLM\...\HaoZip) (Version: v5.9 - 2345.com)
4200 (HKLM\...\{34611BCF-3157-405b-A34E-879C7DC79142}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
4200_Help (HKLM\...\{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}) (Version: 40.0.105.000 -  Hewlett-Packard) Hidden
4200Tour (HKLM\...\{9A0DCD97-9648-45ed-A52C-133C728AB2FF}) (Version: 40.0.105.000 -  Hewlett-Packard) Hidden
4200Trb (HKLM\...\{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}) (Version: 40.0.105.000 -  Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AiO_Scan (HKLM\...\{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AIOMinimal (HKLM\...\{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AiOSoftware (HKLM\...\{63F2408D-A675-4d97-A256-70EACB6B9B4A}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AOL Coach Version 1.0(Build:20040229.1 en) (HKLM\...\AOLCoach) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - )
AOLIcon (HKLM\...\{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}) (Version: 1.00.0000 - Dell) Hidden
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5120 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.051-040825a-017900C-Dell - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
BellSouth Application Management (HKLM\...\BellSouth Application Management) (Version:  - )
BellSouth Internet Security - Alert Manager 1.3.20 (HKLM\...\RadialpointClientGateway_is1) (Version: 1.3.20 - Bellsouth)
BellSouth® FastAccess® DSL Help Center 4.0 (HKLM\...\BellsouthHelpCenter4_is1) (Version: 4.0.29 - BellSouth)
Best Buy Digital Music Store (HKLM\...\Best Buy Digital Music Store) (Version:  - )
Best Buy Rhapsody (HKLM\...\Best Buy Rhapsody) (Version:  - )
BurnAware Free 6.4 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Copy (HKLM\...\{48242276-DB89-42e8-9678-BD4280D7B99A}) (Version: 5.35.0.065 - Hewlett-Packard) Hidden
CouponBar (HKLM\...\TTB000001.TTB000001Toolbar) (Version:  - ) <==== ATTENTION
CreativeProjects (HKLM\...\{9B03C535-3AEA-4ef2-B326-0A01A2207034}) (Version: 5.35.0.059 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.00 - Dell)
Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version:  - )
Dell Photo Printer 720 Logger (HKLM\...\Dell Photo Printer 720 Logger) (Version: 1.0 - Dell)
Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
Director (HKLM\...\{723C033E-63EA-4227-BAB2-0AA8693C16EB}) (Version: 5.35.0.051 - Hewlett-Packard) Hidden
DocProc (HKLM\...\{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}) (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-110530747-2245437320-93801351-1007\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EarthLink setup files (HKLM\...\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}) (Version: 2005.1.47.0 - EarthLink)
Fax (HKLM\...\{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
Get High Speed Internet! (HKLM\...\{7A3F0566-5E05-4919-9C98-456F6B5CF831}) (Version: 1.00.0000 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
HP Image Zone 3.5 (HKLM\...\HP Photo & Imaging) (Version: 3.5 - HP)
HP PSC & OfficeJet 3.5 (HKLM\...\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}) (Version: 3.5 - HP)
HP Unload DLL Patch (HKLM\...\{595D0DE8-C38A-4432-B851-47DECC1A99BD}) (Version: 1.00.0000 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPSystemDiagnostics (HKLM\...\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}) (Version: 1.5.0.0 - Your Company Name) Hidden
InstantShare (HKLM\...\{745A92AF-53B4-41A7-91C3-9B026B1D5897}) (Version: 3.5.0.21 - Hewlett-Packard) Hidden
InstantShareAlert (HKLM\...\{069730C2-755A-485B-A205-27A1AAFA836A}) (Version: 1.00.0000 - HP) Hidden
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC}) (Version: 18.3.62.0 - Intel)
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Internet Explorer Default Page (HKLM\...\{35BDEFF1-A610-4956-A00D-15453C116395}) (Version: 1.00.03 - Dell Inc.) Hidden
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.4 - Jasc Software, Inc.)
Jasc Paint Shop Photo Album 5 (HKLM\...\{4192EAC0-6B36-4723-B216-D0E86E7757AC}) (Version: 5.21 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MapleStory (HKLM\...\{DEC511B1-59CB-4F15-AD75-0543034572A5}) (Version:  - )
MapleStory (HKLM\...\{F99C5427-4D78-43E2-B97E-F4C4E622D612}) (Version: 035 - Nexon)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2005 (HKLM\...\{05410044-64A6-4248-A026-9745C1E9E159}) (Version: 2005 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{AC388C78-2619-452C-BFBE-FABCC3194387}) (Version: 8.0.6362.149 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Streets and Trips 2005 (HKLM\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM\...\Works2005Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.28 - BVRP Software)
Mozilla Firefox 52.7.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.7.2 ESR (x86 en-US)) (Version: 52.7.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.2.6648 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicmatch® Jukebox (HKLM\...\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}) (Version: 9.00.5100 - )
My Way Search Assistant (HKLM\...\{78D944D7-A97B-4004-AB0A-B5AD06839940}) (Version: 1.0.256 - MyWay.com) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
NetZeroInstallers (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
overland (HKLM\...\{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}) (Version: 2.1.6.2 - HP) Hidden
Overland (HKLM\...\{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}) (Version: 2.1.4 - Hewlett-Packard) Hidden
PassAlong Software (HKLM\...\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}) (Version: 2.2.04 - PassAlong Music Store)
Photo Click (HKLM\...\{6E179C77-7335-458D-9537-4F4EAC0181ED}) (Version: 1.0.0 - Photo Click)
PhotoGallery (HKLM\...\{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}) (Version: 5.35.0.059 - Hewlett-Packard) Hidden
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PrintScreen (HKLM\...\{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}) (Version: 5.35.0.035 - Hewlett-Packard) Hidden
QFolder (HKLM\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell)
QuickBooks Simple Start Special Edition (HKLM\...\{14374619-0900-4056-BA06-C87C900AF9E6}) (Version:  - )
QuickProjects (HKLM\...\{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}) (Version: 5.35.0.047 - Hewlett-Packard) Hidden
Readme (HKLM\...\{A2500497-FD32-493e-B8E5-28D6728DBEF5}) (Version: 40.0.105.000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
RealUpgrade 1.0 (HKLM\...\{F4F4F84E-804F-4E9A-84D7-C34283F0088F}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
REXplorer Component Upgrade (HKLM\...\{A639BD63-8CE6-11D5-B4CC-00105A07274A}) (Version:  - )
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Scan (HKLM\...\{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}) (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
SkinsHP1 (HKLM\...\{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}) (Version: 5.35.0.043 - Hewlett-Packard) Hidden
SkinsHP2 (HKLM\...\{BC339BFD-F550-471a-8D26-4D08126C62F7}) (Version: 5.35.0.043 - Hewlett-Packard) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
TBS WMP Plug-in (HKLM\...\{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}) (Version: 1.00.518 - CNN) Hidden
TBS WMP Plug-in (HKLM\...\InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}) (Version: 1.00.518 - CNN)
TrayApp (HKLM\...\{81DD5688-695A-4c1d-AE7D-368BF857725A}) (Version: 5.35.0.035 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.6.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.16 - Tweaking.com)
Unload (HKLM\...\{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}) (Version: 3.5.0 - Hewlett-Packard) Hidden
VC_CRT_x86 (HKLM\...\{8054D734-39C7-463D-B764-9C883982B8F9}) (Version: 1.02.0000 - Intel Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{FBBF532A-47AC-457d-AC06-0D3163D8911E}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Upgrade (HKLM\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\JT\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\JT\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-110530747-2245437320-93801351-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT \Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT \Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT \Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT \Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers1: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll -> No File
ContextMenuHandlers2: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers6: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-110530747-2245437320-93801351-1007: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-110530747-2245437320-93801351-1007: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-110530747-2245437320-93801351-1007: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-110530747-2245437320-93801351-1011.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-110530747-2245437320-93801351-1011.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1465830901.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{3098DA4A-FE05-4998-841F-6C5DE24BD70A}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebReg 20120114091854.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\JT\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\remove_symbolic_links_from_windows_defender_folder.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\remove_symbolic_links_from_windows_defender_folder.bat ()
Shortcut: C:\Documents and Settings\JT\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2004-08-11 18:00 - 2004-08-04 06:00 - 000015360 _____ () C:\WINDOWS\system32\tsd32.dll
2017-12-11 15:18 - 2017-11-29 10:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2004-08-11 18:00 - 2013-01-02 02:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
2018-03-09 23:09 - 2018-03-09 23:09 - 020146176 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Classes\exefile: "%1" %* <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-07-30 13:51 - 2017-12-07 00:23 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-110530747-2245437320-93801351-1007\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\JT \Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk => C:\WINDOWS\pss\dlbcserv.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATIPTA => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: mmtask => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
MSCONFIG\startupreg: MMTray => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\LEXPPS.EXE] => Disabled:LEXPPS.EXE
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\JT\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2018 12:13:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.7.2.6648, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/26/2018 10:40:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 6.0.0.1254, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/26/2018 10:40:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 6.0.0.1254, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/26/2018 02:19:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.7.2.6648, faulting module mozglue.dll, version 52.7.2.6648, fault address 0x0000faee.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/13/2018 02:00:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.7.0.6640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/13/2018 12:41:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2018 12:43:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/05/2018 03:33:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.6.0.6592, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/26/2018 12:19:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRvrt
aswSnx
aswSP
aswVmm
ESProtectionDriver
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (03/26/2018 12:18:35 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/26/2018 10:45:32 AM) (Source: Schannel) (EventID: 4116) (User: )
Description: The certificate received from the remote server does not contain the expected name.
It is therefore not possible to determine whether we are connecting to the
correct server. The server name we were expecting is au.avastbrowser.com. The SSL connection request has
failed. The attached data contains the server certificate.

Error: (03/26/2018 10:44:45 AM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.

Error: (03/26/2018 10:42:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/26/2018 10:42:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avast Antivirus service to connect.

Error: (03/26/2018 10:41:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/26/2018 10:21:22 AM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 77%
Total physical RAM: 1022.07 MB
Available physical RAM: 229.77 MB
Total Virtual: 2462.02 MB
Available Virtual: 1791.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:70.21 GB) (Free:33.45 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=70.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.2 GB) - (Type=DB)

==================== End of Addition.txt ============================

 

I don't have the original Windows CD.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:35 AM

Posted 29 March 2018 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.

CouponBar (HKLM\...\TTB000001.TTB000001Toolbar) (Version: - ) <==== ATTENTION < see my note.
My Way Search Assistant (HKLM\...\{78D944D7-A97B-4004-AB0A-B5AD06839940}) (Version: 1.0.256 - MyWay.com) Hidden <-Adware

Note:
CouponBar has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-110530747-2245437320-93801351-1007 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
FF SearchPlugin: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\searchplugins\yahoo-avast.xml [2014-06-17]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]

ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
<<<>>>

Please post the logs and let me know what problem persists with this computer.
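
The four ContextMenuHandlers lines in the fixlist above are the log's shell-extension entries whose target DLL is reported as "-> No File". As an added example (not part of the original post and not FRST's own code), this Python script parses such lines, groups the orphaned registrations by CLSID, and lists "<==== ATTENTION" lines for manual review. The sample lines are copied from the log in this thread; the function names are hypothetical and the line format is inferred from those lines only.

```python
import re
from collections import defaultdict

# Sample lines copied from the Addition.txt log posted in this thread.
SAMPLE_LOG = r"""
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers1: [HaoZip] -> {5FED836A-C96C-4d88-A91E-F63F07726585} => C:\Program Files\HaoZip\HaoZipExt.dll [2017-03-30] (2345.com)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers1_S-1-5-21-110530747-2245437320-93801351-1007: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\JT\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Classes\exefile: "%1" %* <==== ATTENTION
"""

# "<Section>[_<SID>]: [<name>] -> {<CLSID>} => <target>"
HANDLER_RE = re.compile(
    r"^(?P<section>[A-Za-z]+\d*(?:_S-[\d-]+)?): "
    r"\[(?P<name>[^\]]+)\] -> (?P<clsid>\{[0-9A-Fa-f-]{36}\}) => "
    r"(?P<target>.+)$"
)
# A target that exists on disk carries "<path> [YYYY-MM-DD] (<company>)".
META_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
NO_FILE = " -> No File"
ATTENTION = "<==== ATTENTION"


def parse_handlers(log_text):
    """Return one dict per shell-extension line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HANDLER_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        missing = target.endswith(NO_FILE)
        if missing:
            path, company = target[: -len(NO_FILE)], None
        else:
            meta = META_RE.match(target)
            path = meta.group("path") if meta else target
            company = meta.group("company") if meta else None
        entries.append({
            "section": m.group("section"),
            "name": m.group("name"),
            "clsid": m.group("clsid"),
            "path": path,
            "company": company,
            "missing": missing,
            "line": line,  # verbatim, as it would be pasted into a fixlist
        })
    return entries


def orphans_by_clsid(log_text):
    """Map each CLSID whose DLL is gone to the sections still registering it."""
    grouped = defaultdict(list)
    for entry in parse_handlers(log_text):
        if entry["missing"]:
            grouped[entry["clsid"]].append(entry["section"])
    return dict(grouped)


def fixlist_candidates(log_text):
    """Verbatim log lines for orphaned handlers, for a human to review."""
    return [e["line"] for e in parse_handlers(log_text) if e["missing"]]


def attention_lines(log_text):
    """Lines the tool itself flagged; these need judgement, not auto-removal."""
    return [l.strip() for l in log_text.splitlines()
            if l.rstrip().endswith(ATTENTION)]


if __name__ == "__main__":
    for clsid, sections in orphans_by_clsid(SAMPLE_LOG).items():
        print(f"{clsid}: DLL missing, still registered in {', '.join(sections)}")
    print("Flagged for review:")
    for line in attention_lines(SAMPLE_LOG):
        print("  " + line)
```

Grouping by CLSID shows that one uninstalled product (here the Lavasoft shell extension) accounts for three of the four leftover registrations.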

#5 Tim1731


Posted 30 March 2018 - 09:02 PM

Hey, Nasdaq.

 

On my computer it's Control Panel > Add or Remove Programs > Change/Remove

When I hit Change/Remove on CouponBar, nothing happens.  It doesn't give me the option to remove.

My Way Search Assistant is hidden and not listed in the Control Panel.



#6 nasdaq


Posted 31 March 2018 - 07:33 AM

Hi,
 

On my computer it's Control Panel > Add or Remove Programs > Change/Remove

Correct location for your Windows 8.

====
 

On my computer it's Control Panel > Add or Remove Programs > Change/Remove
When I hit Change/Remove on CouponBar, nothing happens. It doesn't give me the option to remove.

These programs reported in the registry may have been removed.
Remnant items are still present in the registry.
Let's find out.


Download the SystemLook appropriate for your system.

SystemLook (32-Bit Version) or SystemLook (64-Bit Version)
  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
  • :regfind
    CouponBar
    My Way Search Assistant
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

Run the rest of the fix and post the logs.


#7 Tim1731


Posted 31 March 2018 - 10:36 PM

I'm on Microsoft Windows XP.  I didn't run the AdwCleaner scan because it says it's not compatible with XP.  So since I didn't run the scan, I didn't proceed to the next step- resetting Firefox.  Not sure if you want me to run the AdwCleaner scan and reset Firefox anyway.

 

Systemlook.txt:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 21:09 on 31/03/2018 by JT
Administrator - Elevation successful

========== regfind ==========

Searching for "CouponBar"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"corruptedMsg"="One of the CouponBar files is corrupted or invalid. Press OK to uninstall."
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"uninstallMsg"="This will remove the CouponBar from your computer! Are you sure?"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"updateMsg"="This will try to update the CouponBar from the server. Continue?"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"autoUpdateMsg"="New version of the CouponBar is available. Would you like to download and install new version?"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"lastVersionMsg"="You have the latest version of the CouponBar."
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"closeAllWindowsForUpdate"="All running IE Windows will be closed before updating the CouponBar. Continue?"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"updateUrl"="http://a19.g.akamai.net/7/19/7125/1442/ftp.coupons.com/CouponsBarXML/CouponBarIE.cab"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"urlAfterUninstall"="http://couponbar.coupons.com/"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"firstURL"="http://couponbar.coupons.com/CBInstalled.asp"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"urlAfterUpdate"="http://couponbar.coupons.com/CBInstalled.asp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar]
@="CouponBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar.1]
@="CouponBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar]
"DisplayName"="CouponBar"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"corruptedMsg"="One of the CouponBar files is corrupted or invalid. Press OK to uninstall."
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"uninstallMsg"="This will remove the CouponBar from your computer! Are you sure?"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"updateMsg"="This will try to update the CouponBar from the server. Continue?"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"autoUpdateMsg"="New version of the CouponBar is available. Would you like to download and install new version?"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"lastVersionMsg"="You have the latest version of the CouponBar."
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"closeAllWindowsForUpdate"="All running IE Windows will be closed before updating the CouponBar. Continue?"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"updateUrl"="http://a19.g.akamai.net/7/19/7125/1442/ftp.coupons.com/CouponsBarXML/CouponBarIE.cab"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"urlAfterUninstall"="http://couponbar.coupons.com/"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"firstURL"="http://couponbar.coupons.com/CBInstalled.asp"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"urlAfterUpdate"="http://couponbar.coupons.com/CBInstalled.asp"

Searching for "My Way Search Assistant"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D449D87B79A4004BAA05BDA60389904]
"ProductName"="My Way Search Assistant"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\InstallProperties]
"DisplayName"="My Way Search Assistant"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78D944D7-A97B-4004-AB0A-B5AD06839940}]
"DisplayName"="My Way Search Assistant"

-= EOF =-

 

Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by JT  (31-03-2018 21:29:18) Run:1
Running from C:\Documents and Settings\JT\Desktop
Loaded Profiles: JT  (Available Profiles: Elaine & JT  & Terri & Guest Access & Booker & Administrator)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-110530747-2245437320-93801351-1007 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
FF SearchPlugin: C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\searchplugins\yahoo-avast.xml [2014-06-17]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]

ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-110530747-2245437320-93801351-1007\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => removed successfully.
HKLM\Software\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => not found
"HKU\S-1-5-21-110530747-2245437320-93801351-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => removed successfully.
HKLM\Software\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => not found
C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\wizw29dy.default\searchplugins\yahoo-avast.xml => moved successfully
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => removed successfully.
"Chrome StartupUrls" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully.
"HKLM\System\CurrentControlSet\Services\SDDMI2" => removed successfully.
SDDMI2 => service removed successfully.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
"HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}" => removed successfully.
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\DriveLetterAccess" => removed successfully.
"HKLM\Software\Classes\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}" => removed successfully.
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= IPCONFIG /release =========



Windows IP Configuration





Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 0.0.0.0

        Subnet Mask . . . . . . . . . . . : 0.0.0.0

        Default Gateway . . . . . . . . . :


========= End of CMD: =========


========= IPCONFIG /renew =========



Windows IP Configuration





Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : attlocal.net

        IP Address. . . . . . . . . . . . : 192.168.1.70

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 82321 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/dllcache/drivers => 54049628 B
Edge => 0 B
Chrome => 36880102 B
Firefox => 29507609 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 82762 B
All Users => 0 B
systemprofile => 210262742 B
LocalService => 1458804 B
NetworkService => 1471515 B
Elaine => 2029905 B
JT  => 208167341 B
Terri => 211027 B
Guest Access => 416025 B
Booker => 525083 B
Administrator => 49302 B

RecycleBin => 1841898 B
EmptyTemp: => 521.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:30:46 ====



#8 nasdaq

Posted 01 April 2018 - 07:41 AM

Hi,

This should remove the remnant Uninstaller keys.

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar]
[-HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D449D87B79A4004BAA05BDA60389904]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78D944D7-A97B-4004-AB0A-B5AD06839940}]


Restart the computer when completed.

You can delete the fixme.reg file when done.

===

Reset the browsers that you use and that have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

Any remaining issues?
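
The fixme.reg above deletes each key from the registry search results once, by prefixing the key with "-". The following is an added example, not part of the original post and not code from FRST or from the helper: a Python sketch that derives such a deletion file from search output in the format of the earlier log. The function names, the SHARED_KEYS list and the sample excerpt are assumptions made for illustration; a hit inside a shared key is turned into a single-value deletion instead of a whole-key deletion.

```python
import re

# Constructed excerpt in the format of the registry search log posted earlier in
# this thread: a bracketed key line, then the value that matched the search term.
# The ...\Run hit is invented here to show the shared-key case; it is not in the log.
SAMPLE_SEARCH_LOG = r'''
Searching for "CouponBar"
[HKEY_CURRENT_USER\Software\TTB000001\Toolbar]
"urlAfterUpdate"="http://couponbar.coupons.com/CBInstalled.asp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar]
@="CouponBar"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"updateMsg"="This will try to update the CouponBar from the server. Continue?"
[HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\TTB000001\Toolbar]
"firstURL"="http://couponbar.coupons.com/CBInstalled.asp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CouponBarHelper"="C:\\example\\helper.exe"

Searching for "My Way Search Assistant"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78D944D7-A97B-4004-AB0A-B5AD06839940}]
"DisplayName"="My Way Search Assistant"
'''

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+\\.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=')  # value name: @ or a quoted string

# Assumed list of keys that hold values for many programs. Deleting one of these
# whole would remove unrelated settings, so only the matching value is deleted.
SHARED_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\internet explorer\main",
)

def parse_hits(log_text):
    """Return (key, value_name) pairs in the order the search reported them."""
    hits, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key:
            hits.append((key, v.group(1)))
            key = None  # the log repeats the key line before every value
    return hits

def is_shared(key):
    return any(key.lower().endswith("\\" + s) for s in SHARED_KEYS)

def build_reg(log_text):
    """Build .reg text: whole-key deletes first, then per-value deletes."""
    whole, values = {}, {}  # keyed on lower case: registry paths ignore case
    for key, name in parse_hits(log_text):
        if is_shared(key):
            values.setdefault(key.lower(), (key, []))[1].append(name)
        else:
            whole.setdefault(key.lower(), key)
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += ["[-%s]" % key for key in whole.values()]
    for key, names in values.values():
        lines.append("[%s]" % key)
        lines += ["%s=-" % n for n in dict.fromkeys(names)]
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    print(build_reg(SAMPLE_SEARCH_LOG))
```

Read the generated file before merging it: a "[-key]" line removes every value and subkey under that key, which is why hits in shared keys are written as "name"=- lines instead.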

#9 Tim1731

Posted 01 April 2018 - 04:38 PM

Hey, I followed those instructions.

 

For whatever reason, I still cannot access the internet after the browser closes down.  If a page hangs, and I shut down the browser, I can't get back online.  If I simply close down all of my tabs, and try to reopen the browser, I cannot get back on.  When a page freezes, the hourglass just stays on the screen.  So then I shut the browser down.  When I click on the Firefox or Google Chrome icon to get back online, nothing happens.  I can click it 20 times, and it doesn't open.  So I have to continually restart the computer to get back on.



#10 nasdaq

Posted 02 April 2018 - 07:23 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If that fails to restore your internet, reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Post the Fixlog.txt and let me know if the problem persists.

#11 Tim1731

Posted 02 April 2018 - 11:27 AM

Hey,

 

I've been operating in Safe Mode lately, and this problem doesn't occur.  I can close down browsers and reopen them, without having to restart the computer.  The same extensions and plug-ins are in use in Safe Mode and Normal Mode, so that's not the problem.  My router is through the cable modem, and I'm on a desktop computer. I just got a replacement modem about a month ago, and this problem continued.  So I don't think it's the router.

 

 

I posted a topic at the end of last year about an Event ID error, but I never got a solution:  https://www.bleepingcomputer.com/forums/t/662969/schannel-error-event-id-36884/

 

This appears every day:

 

"The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is au.avastbrowser.com. The SSL connection request has failed. The attached data contains the server certificate."

 

Could Avast Anti-Virus have something to do with this?  Because it is not loading in Safe Mode.  I don't know if it is malware or something else causing this problem.

 

I just want to know what you think before I run the FRST fix again.



#12 nasdaq

Posted 02 April 2018 - 01:10 PM


Hi,

Could Avast Anti-Virus have something to do with this? Because it is not loading in Safe Mode. I don't know if it is malware or something else causing this problem.


Download and run the Avast Uninstaller tool.
https://www.avast.com/en-ca/uninstall-utility

When completed restart the computer normally.

Find out if the problem persists.


If all OK then reinstall AVAST FROM THEIR SITE.

Keep me posted.

#13 Tim1731

Posted 04 April 2018 - 02:18 PM

Avast seems to be playing some type of role in this.

 

When I uninstalled it, the Schannel error no longer showed up in the Event Viewer.

 

I was able to open tabs without the page hanging.  I also could close down the browser and reopen it without restarting the computer.  I repeated these steps several times to see if they would continue to work.  It worked for a while, but then it happened again.  I closed down the browser and tried to open it back up, and I could not.  So then I tried to run a Malwarebytes scan and got the following message: 

 

"Malwarebytes is unable to load anti-rootkit dda driver.  This error may be due to rootkit activity.  We recommend rebooting so malwarebytes can attempt to install the driver."

 

I then restarted the computer in Safe Mode and reinstalled Avast.  When the installation was completed, I booted in Normal Mode. I repeated the same steps.  When I opened up a new tab, the page froze with the hourglass not moving.  I shut down the page, and could not reopen Firefox or Google Chrome.  I had to restart the computer.

 

So, things seemed to work okay when I first uninstalled Avast.  But the problem eventually returned before I reinstalled it. Then, after the reinstall, it didn't even work for a short time.  I could not open a tab or reopen the browser not even once.  If it is something with Avast, I don't know why it is happening now.  I've used it for years, and it caused no problems with the internet.  I wish the problem did not return before I reinstalled Avast, because then I could have pinpointed Avast as the main culprit.



#14 nasdaq

Posted 09 April 2018 - 10:27 AM

Hi,

My apologies, I remember seeing your reply but did not follow up for an unknown reason.

Please run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#15 Tim1731

Posted 09 April 2018 - 09:16 PM

Hey thanks, here are those logs.

 

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.04.09.04
  rootkit: v2018.04.05.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
JT  :: TEAGUE [administrator]

4/9/2018 7:48:21 PM
mbar-log-2018-04-09 (19-48-21).txt

Scan type:
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 360
Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

 

RogueKiller V12.12.12.0 [Apr  9 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : JT  [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 04/09/2018 20:32:36 (Duration : 00:52:18)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{503C51CA-0DB4-48A0-B2F0-12BF4E895A72} (C:\Program Files\Yahoo!\Companion\att\att.dll) -> Found
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{5E8AA0A0-78DD-41F8-A5C8-B2B8A1A0F8D8} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTTicker.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{F5CC67F7-F6BA-44e3-98EC-EA17D17E6479} ("C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe") -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\MyWaySA -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-110530747-2245437320-93801351-1007\Software\MyWaySA -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion -> Found
[PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Tencent -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Tencent -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x10000]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][Firefox:Config] 1z5fqsrq.default-1522609033375 : user_pref("network.proxy.type", 4); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD800JD-75JNC0 +++++
--- User ---
[MBR] e6215184c77044e50a79e8cec1c7c0af
[BSP] 61089aa54da192ccacc263ab131da6b3 : Dell MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 112455 | Size: 71892 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 147348180 | Size: 4337 MB
User = LL1 ... OK
User = LL2 ... OK
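
The RogueKiller report above mixes file and registry detections (PUP) with changed settings (PUM), and two of its section counts need a second look. The following is an added example, not part of the original post and not Adlice's code: a Python sketch that parses a report in this format and lists the points worth reviewing. The function names are hypothetical, the sample is a constructed excerpt of the report with header counts adjusted to the excerpt, and the proxy-mode table reflects Firefox's network.proxy.type values.

```python
import re

# Constructed excerpt of the RogueKiller report above (same line format; the
# Registry count is reduced to match the two lines kept here).
SAMPLE_REPORT = r'''
¤¤¤ Registry : 2 ¤¤¤
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\MyWaySA -> Found
[PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Found

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Tencent -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\Tencent -> Found

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x10000]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][Firefox:Config] 1z5fqsrq.default-1522609033375 : user_pref("network.proxy.type", 4); -> Found
'''

SECTION_RE = re.compile(
    r'^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d*)\s*(?P<note>\(.*\))?\s*¤¤¤$')
FINDING_RE = re.compile(
    r'^\[(?P<tag>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s+(?P<item>.+?)\s+-> (?P<status>\w+)$')
PROXY_RE = re.compile(r'user_pref\("network\.proxy\.type",\s*(\d+)\)')

# Firefox network.proxy.type values
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "system settings"}

def parse_report(text):
    """Return {section name: {"declared", "note", "findings"}} in report order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        s = SECTION_RE.match(line)
        if s:
            current = sections.setdefault(s["name"], {
                "declared": int(s["count"] or 0), "note": s["note"], "findings": []})
            continue
        f = FINDING_RE.match(line)
        if f and current is not None:
            current["findings"].append(f.groupdict())
    return sections

def triage(text):
    """List review notes: count mismatches, unloaded driver, changed settings."""
    notes = []
    for name, sec in parse_report(text).items():
        unique = sorted({(f["tag"], f["item"]) for f in sec["findings"]})
        if len(unique) != sec["declared"]:
            notes.append(f"{name}: header says {sec['declared']}, "
                         f"{len(unique)} distinct item(s) listed")
        if sec["note"] and "Not loaded" in sec["note"]:
            notes.append(f"{name}: count reported with the scanner driver not loaded")
        for tag, item in unique:
            proxy = PROXY_RE.search(item)
            if proxy:
                mode = PROXY_TYPES.get(int(proxy.group(1)), "unknown")
                notes.append(f"{name}: Firefox proxy mode is {mode}")
            elif "DisableSR : 1" in item:
                notes.append(f"{name}: System Restore is disabled")
    return notes

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REPORT)))
```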



 





