Solved Constantly going into 'overdrive'

Status
Not open for further replies.
Step 1: ClearLNK

Download ClearLNK and save it to your desktop.
Drag the file Check_Browsers_LNK from your Collection log made earlier, as per the picture.
A report on the work will be produced as a file ClearLNK-<date>.log; post that log.


Step 2: AVZ Fix
Disable your antivirus prior to this fix.

Copy the content of the code box below.


Code:
begin
// Turn off Remote Assistance and restrict anonymous access
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\Terminal Server','fAllowToGetHelp', 0);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\LSA','RestrictAnonymous', 2);
// Set the remote-access services to start type 4 (disabled)
SetServiceStart('RDSessMgr', 4);
SetServiceStart('mnmsrvc', 4);
SetServiceStart('TermService', 4);
SetServiceStart('RemoteRegistry', 4);
// Enable AVZGuard for the removal steps
SetAVZGuardStatus(True);
// Remove the ZAM service and its driver file
 DeleteService('ZAM');
 StopService('ZAM');
 DeleteFile('C:\WINDOWS\System32\drivers\zam32.sys','32');
// Delete the listed program files
 DeleteFile('C:\Program Files\Bonjour\mDNSResponder.exe','32');
 DeleteFile('C:\Program Files\TuneUp','32');
 DeleteFile('2014\TuneUpUtilitiesService32.exe','32');
// Delete the MsSip*.dll files and the $DLL values under WinTrust\SubjectPackages
 DeleteFile('C:\WINDOWS\system32\MsSip1.dll','32');
 DeleteFile('C:\WINDOWS\system32\MsSip2.dll','32');
 DeleteFile('C:\WINDOWS\system32\MsSip3.dll','32');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1','$DLL');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2','$DLL');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3','$DLL');
// Delete the temp file and the Del2110015 RunOnce values
 DeleteFile('C:\WINDOWS\TEMP\0.del','32');
 RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce','Del2110015');
 RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce','Del2110015');
// Clear the hosts file, run the AVZ system cleanup, then reboot
ClearHostsFile;
ExecuteSysClean;
RebootWindows(true);
end.

Open the folder you unzipped Autologger in. Double-click the AVZ4 folder, then right-click AVZ and run as admin. (XP users: double-click.)
Go to File -- Custom Scripts.

Paste the content of your clipboard into the Custom Script Area.
Click the Run Button.

The program will reboot your machine.

Step 3: FRST Scan logs.

Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.


  1. Accept the default whitelist options.
  2. If the Addition.txt option box is not checked, please select it.
  3. Then select Scan.



FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please copy and paste the contents of these logs in your next post.
 
Sorry (again!) Stupidly, I've been waiting to see you come back, but forgot that I wasn't logged in after the last exercise.

Check Browser link won't let me drag it into the ClearLNK window!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2017 02
Ran by User (administrator) on USER-3B477342DC (16-02-2017 13:41:23)
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-10-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-329068152-606747145-1417001333-1003\...\MountPoints2: {b0d127e7-5823-11e3-86e5-0017a4e7b8b3} - E:\FlashDiskUtility.exe
HKU\S-1-5-21-329068152-606747145-1417001333-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{56DE89C7-1EEF-4C6D-BBEB-2CC196F5B086}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-329068152-606747145-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-329068152-606747145-1417001333-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-29] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2012-01-14] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2012-01-14] (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-606747145-1417001333-1003: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/?type=711278&fr=yo_tr_gc
CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/?type=711278&fr=yo_tr_gc"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll => No File
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-02-16]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-10-25] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S4 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [152960 2005-06-07] (Andrea Electronics Corporation)
R3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-10-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-10-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36352 2005-10-21] (Infineon Technologies AG)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
S3 ujqxmtm2; C:\WINDOWS\system32\Drivers\ujqxmtm2.sys [10240 2017-02-16] (Zaitsev Oleg, 2006) [File not signed]
S3 utqxmtm2; C:\WINDOWS\system32\Drivers\utqxmtm2.sys [7168 2017-02-16] () [File not signed]
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2003-08-04] (VIA Technologies, Inc.) [File not signed]
S3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-08-04] (VIA Technologies, Inc.) [File not signed]
S3 BTKRNL; system32\DRIVERS\btkrnl.sys [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
S0 ffpupehd; System32\drivers\lyuws.sys [X]
S1 gstpxojq; \??\C:\WINDOWS\system32\drivers\gstpxojq.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 13:40 - 2017-02-16 13:41 - 00000000 ____D C:\FRST
2017-02-16 13:34 - 2017-02-16 13:34 - 00010240 _____ (Zaitsev Oleg, 2006) C:\WINDOWS\system32\Drivers\ujqxmtm2.sys
2017-02-16 11:21 - 2017-02-16 11:21 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-02-16 11:21 - 2017-02-16 11:21 - 00000000 ____D C:\Program Files\CCleaner
2017-02-16 11:21 - 2017-02-16 11:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2017-02-16 10:56 - 2017-02-16 11:01 - 00007168 _____ C:\WINDOWS\system32\Drivers\utqxmtm2.sys
2017-02-16 10:35 - 2017-02-16 10:35 - 00001136 _____ C:\Documents and Settings\User\Desktop\CTR.txt
2017-02-16 02:41 - 2017-02-16 02:41 - 00000000 ____D C:\Program Files\Toolwiz Smart Defrag FREE
2017-02-16 02:41 - 2017-02-16 02:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Toolwiz Smart Defrag FREE
2017-02-16 01:49 - 2017-02-16 13:41 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2017-02-16 01:49 - 2017-02-16 01:49 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2017-02-16 01:49 - 2017-02-16 01:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-02-16 01:49 - 2017-02-16 01:49 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Temp
2017-02-16 01:49 - 2017-02-16 01:34 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-02-16 01:32 - 2017-02-16 01:47 - 00000000 ____D C:\zoek_backup
2017-02-16 00:10 - 2017-02-16 01:14 - 00012103 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-16 00:10 - 2017-02-16 00:43 - 00027059 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-16 00:10 - 2017-02-16 00:10 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Zemana
2017-02-16 00:10 - 2017-02-16 00:10 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
2017-02-15 23:55 - 2017-02-15 23:55 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2017-02-15 23:55 - 2017-02-15 23:55 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2017-02-15 23:21 - 2017-02-15 23:27 - 00000000 ____D C:\Documents and Settings\User\Application Data\Geek Uninstaller
2017-02-15 19:14 - 2017-02-15 19:16 - 00000000 ____D C:\AdwCleaner
2017-02-15 19:11 - 2017-02-15 19:11 - 00004366 _____ C:\Documents and Settings\User\Desktop\JRT.txt
2017-02-15 18:59 - 2017-02-15 19:01 - 00049366 _____ C:\Documents and Settings\User\My Documents\USER-3B477342DC.txt
2017-02-15 18:32 - 2017-02-15 18:48 - 00000767 _____ C:\RstHosts.txt
2017-02-15 18:02 - 2017-02-15 18:02 - 00353632 _____ C:\Documents and Settings\User\Desktop\rsthosts_2.0 (4).exe
2017-02-08 23:00 - 2017-02-16 13:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avidemux (32 bits)
2017-02-08 23:00 - 2017-02-08 23:04 - 00000000 ____D C:\Documents and Settings\User\Application Data\avidemux
2017-02-08 19:01 - 2017-02-08 19:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2017-02-08 12:09 - 2017-02-08 12:09 - 00000813 _____ C:\Documents and Settings\User\Desktop\Media Player Classic - HC.lnk
2017-02-08 12:09 - 2017-02-08 12:09 - 00000000 ____D C:\Documents and Settings\User\Application Data\MPC-HC
2017-02-08 12:08 - 2017-02-08 12:09 - 00000000 ____D C:\Program Files\X Codec Pack
2017-02-08 12:08 - 2017-02-08 12:09 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\X Codec Pack 2.7.4
2017-02-08 09:01 - 2013-07-17 00:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2017-02-08 09:01 - 2013-07-17 00:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2017-02-08 09:01 - 2013-07-17 00:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2017-02-07 17:02 - 2010-06-18 13:36 - 03558912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\moviemk.exe
2017-02-07 16:46 - 2017-02-07 16:46 - 00000000 ____D C:\WINDOWS\system32\bits
2017-02-07 16:46 - 2013-07-17 00:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irbus.sys
2017-02-07 16:46 - 2008-04-14 05:42 - 04274816 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nv4_disp.dll
2017-02-07 16:46 - 2008-04-14 05:42 - 01737856 ____N (Matrox Graphics Inc.) C:\WINDOWS\system32\mtxparhd.dll
2017-02-07 16:46 - 2008-04-14 05:42 - 00397056 ____N (S3 Graphics, Inc.) C:\WINDOWS\system32\s3gnb.dll
2017-02-07 16:46 - 2008-04-14 05:42 - 00286792 ____N (Smart Link) C:\WINDOWS\system32\slextspk.dll
2017-02-07 16:46 - 2008-04-14 05:42 - 00188508 ____N (Smart Link) C:\WINDOWS\system32\slgen.dll
2017-02-07 16:46 - 2008-04-14 05:42 - 00073832 ____N (Smart Link) C:\WINDOWS\system32\slcoinst.dll
2017-02-07 16:46 - 2008-04-14 05:42 - 00073796 ____N (Smart Link) C:\WINDOWS\system32\slserv.exe
2017-02-07 16:46 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\WINDOWS\system32\slrundll.exe
2017-02-07 16:46 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\WINDOWS\slrundll.exe
2017-02-07 16:46 - 2008-04-14 05:42 - 00028672 ____N (Microsoft Corporation) C:\WINDOWS\system32\vidcap.ax
2017-02-07 16:46 - 2008-04-14 05:42 - 00023040 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativmvxx.ax
2017-02-07 16:46 - 2008-04-14 05:42 - 00010752 ____N (Microsoft Corporation) C:\WINDOWS\system32\smtpapi.dll
2017-02-07 16:46 - 2008-04-14 05:42 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rwnh.dll
2017-02-07 16:46 - 2008-04-14 05:42 - 00009728 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativdaxx.ax
2017-02-07 16:46 - 2008-04-14 05:41 - 01888992 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ati3duag.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00870784 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ati3d1ag.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00516768 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ativvaxx.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00377984 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvaa.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00229376 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2cqag.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00201728 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvag.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00086016 ____N (Conexant) C:\WINDOWS\system32\mdmxsdk.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00032768 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativtmxx.dll
2017-02-07 16:46 - 2008-04-14 05:41 - 00032285 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\hsfcisp2.dll
2017-02-07 16:46 - 2008-04-14 00:13 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\comsdupd.exe
2017-02-07 16:40 - 2017-02-07 16:46 - 00000000 ____D C:\WINDOWS\ServicePackFiles
2017-02-07 16:40 - 2013-07-17 00:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-02-07 16:40 - 2013-02-12 00:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys
2017-02-07 16:40 - 2008-04-14 05:42 - 00011325 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\vchnt5.dll
2017-02-07 16:40 - 2008-04-14 05:42 - 00003901 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\siint5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00025471 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv04nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00021183 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv01nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00017279 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv10nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00015423 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\ch7xxnt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00014143 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv06nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00011359 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv02nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00004255 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv01nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00003967 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv02nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00003775 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv11nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00003711 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv09nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00003647 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv07nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00003615 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv05nt5.dll
2017-02-07 16:40 - 2008-04-14 05:41 - 00003135 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv08nt5.dll
2017-02-07 16:40 - 2008-04-14 00:26 - 00030592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismpx.sys
2017-02-07 16:40 - 2008-04-14 00:21 - 00101120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-02-07 16:40 - 2008-04-14 00:16 - 00059136 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-02-07 16:40 - 2008-04-14 00:16 - 00037888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2017-02-07 16:40 - 2008-04-14 00:16 - 00036480 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthprint.sys
2017-02-07 16:40 - 2008-04-14 00:16 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-02-07 16:40 - 2008-04-14 00:16 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthusb.sys
2017-02-07 16:40 - 2008-04-14 00:16 - 00017024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-02-07 16:40 - 2008-04-14 00:15 - 00019200 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidir.sys
2017-02-07 16:40 - 2008-04-14 00:13 - 00014208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wacompen.sys
2017-02-07 16:40 - 2008-04-14 00:13 - 00012672 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mutohpen.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00046464 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gagp30kx.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00044928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agpcpq.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00044672 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uagp35.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00043008 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdagp.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00042752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\alim1541.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00042368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agp440.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00042240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viaagp.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00040960 ____N (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\Drivers\sisagp.sys
2017-02-07 16:40 - 2008-04-14 00:06 - 00005888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smbali.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 01309184 ____N (Smart Link) C:\WINDOWS\system32\Drivers\mtlstrm.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 01041536 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfdpsp2.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00685056 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfcxts2.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00404990 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slntamr.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00220032 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfbs2s2.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00180360 ____N (Smart Link) C:\WINDOWS\system32\Drivers\ntmtlfax.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00129535 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slnt7554.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00126686 ____N (Smart Link) C:\WINDOWS\system32\Drivers\mtlmnt5.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00095424 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slnthal.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00013776 ____N (Smart Link) C:\WINDOWS\system32\Drivers\recagent.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00013240 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slwdmsup.sys
2017-02-07 16:40 - 2008-04-13 23:53 - 00011868 ____N (Conexant) C:\WINDOWS\system32\Drivers\mdmxsdk.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 01897408 ____N (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nv4_mini.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00701440 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00452736 ____N (Matrox Graphics Inc.) C:\WINDOWS\system32\Drivers\mtxparhm.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00327040 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtaa.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00166912 ____N (S3 Graphics, Inc.) C:\WINDOWS\system32\Drivers\s3gnbm.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00104960 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinrvxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00073216 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atintuxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00063663 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1rvxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00063488 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinxsxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00057856 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinbtxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00056623 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1btxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00052224 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinraxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00036463 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1tuxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00034735 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1xsxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00031744 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinxbxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00030671 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1raxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00029455 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1xbxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00028672 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinsnxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00026367 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1snxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00025471 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\watv10nt.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00022271 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\watv06nt.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00021343 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1ttxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00014336 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinpdxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinttxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinmdxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00012047 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1pdxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00011935 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv11nt.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00011871 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv09nt.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00011807 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv07nt.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00011615 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1mdxx.sys
2017-02-07 16:40 - 2008-04-13 22:04 - 00011295 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv08nt.sys
2017-02-07 16:40 - 2007-04-02 21:36 - 00129045 ____N C:\WINDOWS\system32\Drivers\cxthsfs2.cty
2017-02-07 16:40 - 2006-12-29 20:21 - 00064352 ____N C:\WINDOWS\system32\Drivers\ativmc20.cod
2017-02-07 16:40 - 2006-12-29 20:02 - 00067866 ____N C:\WINDOWS\system32\Drivers\netwlan5.img
2017-02-07 15:33 - 2017-02-07 15:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Accesorios
2017-02-07 15:32 - 2017-02-07 15:33 - 00000796 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2017-02-06 10:16 - 2017-02-06 10:23 - 00000752 _____ C:\Documents and Settings\All Users\Start Menu\VueScan x32.lnk
2017-02-06 10:16 - 2017-02-06 10:23 - 00000752 _____ C:\Documents and Settings\All Users\Desktop\VueScan x32.lnk
2017-02-06 10:16 - 2017-02-06 10:23 - 00000000 ____D C:\Program Files\VueScan
2017-02-04 19:56 - 2017-02-04 19:57 - 00000000 _____ C:\Documents and Settings\User\Local Settings\Application Data\FnF4.txt
2017-02-03 18:54 - 2017-02-03 18:59 - 00019496 _____ C:\WINDOWS\hpqins13.dat
2017-02-03 18:14 - 2017-02-03 18:14 - 00000000 ____D C:\Documents and Settings\User\Application Data\Easeware
2017-02-03 17:08 - 2017-02-03 17:08 - 00032832 _____ C:\WINDOWS\system32\rnd_chunk.bin
2017-02-03 16:40 - 2017-02-03 16:40 - 00000000 ____D C:\Documents and Settings\User\Application Data\HP
2017-02-03 16:17 - 2017-02-03 16:17 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\CEF
2017-02-03 14:55 - 2017-02-03 14:55 - 00000731 _____ C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2017-01-20 20:29 - 2017-01-20 20:29 - 00005632 _____ C:\Documents and Settings\User\My Documents\Scrap.shs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 13:40 - 2012-07-17 10:48 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{12DB60FF-1ACB-4A4B-9787-56BAADF8B52A}.job
2017-02-16 13:40 - 2012-07-17 08:07 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt
2017-02-16 13:36 - 2012-07-17 08:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-16 13:35 - 2014-09-02 21:52 - 00411250 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-606747145-1417001333-1003-0.dat
2017-02-16 13:35 - 2014-08-15 22:40 - 00141306 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-02-16 13:35 - 2012-07-17 08:07 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2017-02-16 13:27 - 2014-09-19 16:37 - 00000745 _____ C:\Documents and Settings\User\Start Menu\Internet Explorer.lnk
2017-02-16 13:23 - 2016-12-31 19:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Boots F2CD Picture Suite
2017-02-16 13:23 - 2016-12-28 13:02 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\FreeRIP MP3 Converter
2017-02-16 13:23 - 2016-01-09 17:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Free CDA To MP3 Converter
2017-02-16 13:23 - 2014-01-03 10:00 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\SopCast
2017-02-16 13:23 - 2013-11-28 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2017-02-16 13:23 - 2012-07-17 08:07 - 00000000 ___RD C:\Documents and Settings\User\My Documents\My Pictures
2017-02-16 13:23 - 2012-07-17 08:07 - 00000000 ___RD C:\Documents and Settings\User\My Documents
2017-02-16 11:26 - 2014-03-10 02:28 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-02-16 11:26 - 2014-03-10 02:28 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-02-16 11:26 - 2013-11-28 16:41 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2017-02-16 11:26 - 2013-11-28 14:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-16 11:26 - 2012-07-17 10:54 - 00000000 ____D C:\WINDOWS\pss
2017-02-16 11:26 - 2012-07-17 08:00 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-16 11:26 - 2012-07-17 08:00 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-16 10:34 - 2014-04-16 10:42 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-16 02:00 - 2013-12-02 22:35 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2017-02-16 01:52 - 2014-02-16 10:14 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol
2017-02-16 01:52 - 2012-07-16 17:27 - 00000000 ____D C:\Documents and Settings\All Users
2017-02-16 01:46 - 2014-02-16 10:14 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-16 00:33 - 2013-11-28 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2017-02-16 00:29 - 2012-07-17 08:04 - 00000797 _____ C:\Documents and Settings\User\Desktop\Google Chrome.lnk
2017-02-16 00:28 - 2013-12-11 11:12 - 00000000 ____D C:\Program Files\Driver Wizard
2017-02-15 23:30 - 2016-05-19 16:30 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-15 23:25 - 2013-11-28 11:53 - 00000000 ____D C:\Program Files\Java
2017-02-15 23:24 - 2013-12-11 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2017-02-15 23:24 - 2013-12-11 11:25 - 00000000 ____D C:\Program Files\HP
2017-02-15 23:23 - 2012-07-17 08:41 - 00000000 ____D C:\Program Files\Hewlett-Packard
2017-02-15 23:22 - 2012-07-16 17:17 - 00000000 ___HD C:\WINDOWS\inf
2017-02-15 18:18 - 2012-07-17 08:07 - 00001599 _____ C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
2017-02-15 14:36 - 2014-08-01 10:22 - 00000000 ____D C:\Program Files\PixBuilder Studio
2017-02-15 12:12 - 2013-12-21 18:32 - 00045056 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-15 10:26 - 2014-01-29 15:07 - 00000000 ___RD C:\Documents and Settings\User\My Documents\My Videos
2017-02-15 09:45 - 2003-06-20 12:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2017-02-15 07:42 - 2012-07-16 17:17 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-02-15 07:42 - 2008-04-14 04:42 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\csrss.exe
2017-02-15 07:42 - 2008-04-14 04:42 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrss.exe
2017-02-14 20:07 - 2012-07-17 07:34 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-12 15:44 - 2017-01-12 23:31 - 00000000 ____D C:\Documents and Settings\User\Application Data\Anvsoft
2017-02-08 19:01 - 2012-07-16 17:29 - 00001355 _____ C:\WINDOWS\imsins.BAK
2017-02-07 20:12 - 2012-07-17 07:33 - 00000000 ____D C:\WINDOWS\Registration
2017-02-07 19:02 - 2012-07-17 07:34 - 00000000 ____D C:\Program Files\Movie Maker
2017-02-07 19:02 - 2012-07-17 07:32 - 00000000 ____D C:\Program Files\Messenger
2017-02-07 19:01 - 2013-11-28 16:15 - 00000000 ____D C:\WINDOWS\ie8updates
2017-02-07 17:40 - 2013-12-11 11:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2017-02-07 17:08 - 2012-07-17 08:39 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2017-02-07 17:01 - 2013-12-01 19:29 - 00021000 _____ C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-02-07 16:58 - 2012-07-17 08:08 - 00000738 _____ C:\Documents and Settings\User\Start Menu\Programs\Outlook Express.lnk
2017-02-07 16:58 - 2012-07-17 07:37 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2017-02-07 16:57 - 2012-07-17 07:37 - 00001006 _____ C:\WINDOWS\OEWABLog.txt
2017-02-07 16:57 - 2012-07-16 17:27 - 00852812 _____ C:\WINDOWS\setuplog.txt
2017-02-07 16:57 - 2012-07-16 17:17 - 00000000 ____D C:\WINDOWS\security
2017-02-07 16:56 - 2012-07-16 17:27 - 00127704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-07 16:47 - 2012-07-17 07:37 - 00001563 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2017-02-07 16:46 - 2012-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-02-07 16:46 - 2012-07-16 17:17 - 00000000 ____D C:\WINDOWS\Help
2017-02-07 15:32 - 2016-11-30 12:48 - 00000000 ____D C:\WINDOWS\RegisteredPackages
2017-02-04 17:54 - 2012-07-17 08:21 - 00000000 ____D C:\SWSetup
2017-02-04 12:23 - 2012-07-17 08:04 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-02-03 18:31 - 2012-07-16 17:28 - 01280704 _____ C:\WINDOWS\setupapi.log.0.old
2017-02-03 16:13 - 2012-07-16 17:29 - 00006486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-03 15:30 - 2013-12-11 11:25 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\HP
2017-01-24 01:01 - 2012-07-17 08:07 - 00000000 ___RD C:\Documents and Settings\User\My Documents\My Music

==================== Files in the root of some directories =======

2012-07-17 10:53 - 2012-07-17 10:53 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\AtStart.txt
2013-12-21 18:32 - 2017-02-15 12:12 - 0045056 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-17 10:53 - 2012-07-17 10:53 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DSwitch.txt
2017-02-04 19:56 - 2017-02-04 19:57 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\FnF4.txt
2016-01-09 17:20 - 2016-01-09 17:20 - 0000275 _____ () C:\Documents and Settings\User\Local Settings\Application Data\HamsterAudioConverterSettings.cfg
2012-07-17 10:53 - 2012-07-17 10:53 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\QSwitch.txt
2013-12-11 11:25 - 2013-12-11 11:25 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2017-02-03 14:52 - 2017-02-07 17:41 - 0005068 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2016-12-28 13:02 - 2016-12-28 13:02 - 0001534 _____ () C:\Documents and Settings\All Users\Application Data\ss.ini

Some files in TEMP:
====================
2017-02-16 01:51 - 2017-02-16 01:51 - 0000000 ____D () C:\Documents and Settings\User\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2017 02
Ran by User (16-02-2017 13:42:33)
Running from C:\Documents and Settings\User\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2012-07-17 07:46:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-329068152-606747145-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-329068152-606747145-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-329068152-606747145-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-329068152-606747145-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-329068152-606747145-1417001333-1002 - Limited - Disabled)
User (S-1-5-21-329068152-606747145-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Any Video Converter 6.0.7 (HKLM\...\Any Video Converter) (Version: 6.0.7 - Anvsoft)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Broadcom NetXtreme Ethernet Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.22.12 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
DocProc (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 5.15 - NCH Software)
Express Rip CD Ripper Software (HKLM\...\ExpressRip) (Version: 1.97 - NCH Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4310 - Analog Devices)
Stanza (HKLM\...\Stanza) (Version: - )
Switch Sound File Converter (HKLM\...\Switch) (Version: 5.12 - NCH Software)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}) (Version: 2.00.0003 - Texas Instruments Inc.)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TIPCI (Version: 2.00.0003 - Texas Instruments Inc.) Hidden
Toolwiz Smart Defrag 2011 (HKLM\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 4.58 - NCH Software)
VueScan x32 (HKLM\...\VueScan x32) (Version: - )
WavePad Sound Editor (HKLM\...\WavePad) (Version: 6.59 - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.7.4 - X Codec Pack team)
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version: - Zylom Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-329068152-606747145-1417001333-1003\...\ChromeHTML: -> <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{12DB60FF-1ACB-4A4B-9787-56BAADF8B52A}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\User\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com
Shortcut: C:\Documents and Settings\User\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru
Shortcut: C:\Documents and Settings\User\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\X Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-329068152-606747145-1417001333-1003\...\zylom.com -> hxxps://game.zylom.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-02-16 01:34 - 2017-02-16 13:34 - 00000749 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-606747145-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk => C:\WINDOWS\pss\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnkStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: SoundMAX => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-11-2016 19:33:28 System Checkpoint
19-11-2016 19:46:30 System Checkpoint
20-11-2016 21:17:03 System Checkpoint
22-11-2016 12:47:30 System Checkpoint
23-11-2016 15:21:53 System Checkpoint
24-11-2016 17:41:47 System Checkpoint
25-11-2016 19:27:23 System Checkpoint
26-11-2016 21:36:15 System Checkpoint
27-11-2016 21:57:16 System Checkpoint
29-11-2016 14:36:37 System Checkpoint
30-11-2016 12:48:18 Installed Windows Media Player 10
30-11-2016 12:52:05 Installed Photo Story 3 for Windows
01-12-2016 14:18:57 Software Distribution Service 3.0
02-12-2016 14:51:27 System Checkpoint
03-12-2016 17:42:31 System Checkpoint
04-12-2016 20:12:35 System Checkpoint
05-12-2016 20:34:35 System Checkpoint
06-12-2016 21:19:36 System Checkpoint
07-12-2016 22:31:49 System Checkpoint
08-12-2016 23:43:18 System Checkpoint
10-12-2016 17:26:44 System Checkpoint
11-12-2016 20:11:40 System Checkpoint
13-12-2016 15:34:28 System Checkpoint
14-12-2016 19:23:23 System Checkpoint
15-12-2016 21:17:49 System Checkpoint
16-12-2016 21:18:10 System Checkpoint
17-12-2016 22:04:15 System Checkpoint
19-12-2016 12:30:01 System Checkpoint
20-12-2016 15:18:13 System Checkpoint
21-12-2016 15:33:32 System Checkpoint
22-12-2016 16:15:37 System Checkpoint
23-12-2016 16:58:44 System Checkpoint
24-12-2016 17:33:42 System Checkpoint
25-12-2016 20:16:45 System Checkpoint
27-12-2016 15:28:32 Installed RioDVD Region Free Player
27-12-2016 18:23:53 Removed DriverUpdate
27-12-2016 18:24:35 Removed RioDVD Region Free Player
28-12-2016 19:34:30 System Checkpoint
30-12-2016 08:16:51 System Checkpoint
31-12-2016 11:59:11 System Checkpoint
01-01-2017 12:17:42 System Checkpoint
02-01-2017 12:59:44 System Checkpoint
03-01-2017 15:50:57 System Checkpoint
04-01-2017 16:35:48 System Checkpoint
05-01-2017 17:22:00 System Checkpoint
06-01-2017 17:26:37 System Checkpoint
07-01-2017 20:47:22 System Checkpoint
09-01-2017 12:31:41 System Checkpoint
10-01-2017 13:51:25 System Checkpoint
11-01-2017 17:23:21 System Checkpoint
12-01-2017 17:34:35 System Checkpoint
13-01-2017 17:52:12 System Checkpoint
14-01-2017 20:35:53 System Checkpoint
15-01-2017 21:11:22 System Checkpoint
16-01-2017 21:13:49 System Checkpoint
18-01-2017 09:58:48 System Checkpoint
19-01-2017 12:41:01 System Checkpoint
20-01-2017 13:32:08 System Checkpoint
21-01-2017 18:10:12 System Checkpoint
22-01-2017 19:29:28 System Checkpoint
23-01-2017 21:22:52 System Checkpoint
24-01-2017 21:58:58 System Checkpoint
26-01-2017 16:12:03 System Checkpoint
27-01-2017 17:13:41 System Checkpoint
28-01-2017 17:54:01 System Checkpoint
29-01-2017 18:08:09 System Checkpoint
30-01-2017 20:48:11 System Checkpoint
31-01-2017 21:10:38 System Checkpoint
01-02-2017 22:22:56 System Checkpoint
03-02-2017 00:41:23 System Checkpoint
03-02-2017 14:35:56 Unsigned driver install
04-02-2017 18:26:22 Software Distribution Service 3.0
05-02-2017 18:59:08 System Checkpoint
07-02-2017 13:18:28 System Checkpoint
07-02-2017 15:32:22 Instalado Windows Movie Maker 2.0
07-02-2017 16:39:20 Installed Windows XP Service Pack 3.
07-02-2017 17:08:42 Removed HP Quick Launch Buttons
07-02-2017 19:00:22 Software Distribution Service 3.0
08-02-2017 19:00:24 Software Distribution Service 3.0
09-02-2017 20:19:23 System Checkpoint
10-02-2017 20:25:22 System Checkpoint
11-02-2017 20:38:18 System Checkpoint
12-02-2017 21:27:18 System Checkpoint
14-02-2017 16:47:52 System Checkpoint
15-02-2017 19:09:03 JRT Pre-Junkware Removal
15-02-2017 23:22:41 Removed HP Embedded Security for ProtectTools
15-02-2017 23:23:49 Removed HP ProtectTools Security Manager
15-02-2017 23:24:22 Removed HP Update.
15-02-2017 23:25:25 Removed Java 8 Update 40
15-02-2017 23:26:08 Removed Windows 7 Upgrade Advisor
16-02-2017 01:34:38 zoek.exe restore point

==================== Faulty Device Manager Devices =============

Name: HP Integrated Module
Description: HP Integrated Module
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2017 12:29:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgnt.exe, version 15.0.19.163, faulting module ccmsg.dll, version 15.0.19.163, fault address 0x0000f863.
Processing media-specific event for [avgnt.exe!ws!]

Error: (02/04/2017 06:49:57 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:49:57 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/04/2017 06:49:56 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:49:56 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/04/2017 06:49:11 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service Windows Workflow Foundation 4.0.0.0 (Windows Workflow Foundation 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:49:11 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The
Error code is the first DWORD in Data section.


System errors:
=============
Error: (02/16/2017 08:53:15 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/16/2017 02:53:09 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/16/2017 01:22:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).

Error: (02/16/2017 12:35:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (02/15/2017 07:16:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/15/2017 07:16:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/15/2017 07:16:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).

Error: (02/15/2017 07:16:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/15/2017 07:09:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/15/2017 07:09:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 56%
Total physical RAM: 1527.36 MB
Available physical RAM: 661.19 MB
Total Virtual: 2901.68 MB
Available Virtual: 2059.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.9 GB) (Free:27.52 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
VirusTotal Scan.

  • Please go to VirusTotal.
  • Click the Choose File button.
  • Navigate to >>>>>>>> C:\WINDOWS\system32\Drivers\utqxmtm2.sys
  • or simply copy and paste it.



  • Click the Scan it! button.
  • You might see a message saying File already analysed; if you do, click Reanalyse.
  • Wait for all the scans to finish, then copy and paste the web address from your browser's address bar.

  • Include the link in your next reply.
Also, check the following File(s)

C:\WINDOWS\system32\Drivers\ujqxmtm2.sys
 
FRST Fix.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 



Also, these drivers are installed by AVZ tool, so there is nothing to worry about as far as that is concerned. We will remove these when done with AVZ....

http://www.malwareremoval.com/forum/viewtopic.php?f=26&t=48936

S3 ujqxmtm2; C:\WINDOWS\system32\Drivers\ujqxmtm2.sys [10240 2017-02-16] (Zaitsev Oleg, 2006) [File not signed]
S3 utqxmtm2; C:\WINDOWS\system32\Drivers\utqxmtm2.sys [7168 2017-02-16] () [File not signed]

Let's do a final check for malware. :)


Full Virus Scan AVZ

Disable your antivirus prior to these steps!!
Download AVZ if you have deleted it.
Right-click on AVZ and choose Run as Admin. (XP users: double-click to run.)
Update the program by pressing the update button.
Make sure all settings are the same as in the pic below.

Next:
Under File Types, make sure the settings are the same as below.

Next:
Under Search Parameters, make sure the settings are the same as below.

Now click the Start button.

When the scan is complete, click on Save Log.

Save the log to the desktop -- Copy it and paste it here in your next reply.
 
Fixlog.txt below. During the fix, another flash from Avira: 'Host file blocked'.
Fix result of Farbar Recovery Scan Tool (x86) Version: 15-02-2017 02
Ran by User (16-02-2017 14:29:17) Run:1
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe <==== ATTENTION
MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk => C:\WINDOWS\pss\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnkStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: SoundMAX => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKU\S-1-5-21-329068152-606747145-1417001333-1003\...\ChromeHTML: -> <==== ATTENTION
C:\Documents and Settings\User\Application Data\Anvsoft
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
C:\Program Files\Driver Wizard
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\WGASetup.job
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-02-16 01:49 - 2017-02-16 01:34 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-02-16 01:32 - 2017-02-16 01:47 - 00000000 ____D C:\zoek_backup
2017-02-16 00:10 - 2017-02-16 01:14 - 00012103 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-16 00:10 - 2017-02-16 00:43 - 00027059 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-16 00:10 - 2017-02-16 00:10 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Zemana
2017-02-16 00:10 - 2017-02-16 00:10 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
U1 WS2IFSL; no ImagePath
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
S3 BTKRNL; system32\DRIVERS\btkrnl.sys [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
S0 ffpupehd; System32\drivers\lyuws.sys [X]
S1 gstpxojq; \??\C:\WINDOWS\system32\drivers\gstpxojq.sys [X]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
FF Plugin HKU\S-1-5-21-329068152-606747145-1417001333-1003: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
HKU\S-1-5-21-329068152-606747145-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-329068152-606747145-1417001333-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
HKU\S-1-5-21-329068152-606747145-1417001333-1003\...\MountPoints2: {b0d127e7-5823-11e3-86e5-0017a4e7b8b3} - E:\FlashDiskUtility.exe
RemoveProxy:
hosts:
CMD: ipconfig /flushdns
EmptyTemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => moved successfully
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully
C:\WINDOWS\Tasks\WGASetup.job => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk => key removed successfully.
C:\WINDOWS\pss\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnkStartup => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAX => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAXPnP => key removed successfully.
C:\WINDOWS\system32\csrss.exe => ":SummaryInformation" ADS could not remove.
C:\WINDOWS\system32\csrss.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
HKU\S-1-5-21-329068152-606747145-1417001333-1003_Classes\ChromeHTML => key removed successfully.
C:\Documents and Settings\User\Application Data\Anvsoft => moved successfully
"C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job" => not found.
C:\Program Files\Driver Wizard => moved successfully
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job" => not found.
"C:\WINDOWS\Tasks\WGASetup.job" => not found.
"C:\WINDOWS\Tasks\Adobe Flash Player Updater.job" => not found.
"C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job" => not found.
"C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job" => not found.
C:\WINDOWS\zoek-delete.exe => moved successfully
C:\zoek_backup => moved successfully
C:\WINDOWS\ZAM_Guard.krnl.trace => moved successfully
C:\WINDOWS\ZAM.krnl.trace => moved successfully
C:\Documents and Settings\User\Local Settings\Application Data\Zemana => moved successfully
C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana => moved successfully
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully.
ZAM_Guard => service removed successfully.
HKLM\System\CurrentControlSet\Services\BTKRNL => key removed successfully.
BTKRNL => service removed successfully.
HKLM\System\CurrentControlSet\Services\BTWUSB => key removed successfully.
BTWUSB => service removed successfully.
HKLM\System\CurrentControlSet\Services\ffpupehd => key removed successfully.
ffpupehd => service removed successfully.
HKLM\System\CurrentControlSet\Services\gstpxojq => key removed successfully.
gstpxojq => service removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => not found.
HKU\S-1-5-21-329068152-606747145-1417001333-1003\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1 => key removed successfully.
C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll => not found.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully.
C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully.
"C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll" => not found.
HKU\S-1-5-21-329068152-606747145-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-329068152-606747145-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} => key removed successfully.
HKCR\CLSID\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} => key not found.
HKU\S-1-5-21-329068152-606747145-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0d127e7-5823-11e3-86e5-0017a4e7b8b3} => key removed successfully.
HKCR\CLSID\{b0d127e7-5823-11e3-86e5-0017a4e7b8b3} => key not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-329068152-606747145-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-329068152-606747145-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10978 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 1845017 B
Java, Flash, Steam htmlcache => 8487 B
Windows/system/dllcache/drivers => 3430 B
Edge => 0 B
Chrome => 380670817 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 32994 B
All Users => 0 B
systemprofile => 114914 B
LocalService => 363682 B
NetworkService => 586955 B
User => 6454574 B

RecycleBin => 0 B
EmptyTemp: => 372 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-02-2017 14:32:03)

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 14:32:03 ====
 