Solved Constantly going into 'overdrive'

Status
Not open for further replies.

bernie lamb

PCHF Member
PCHF Donator
Dec 29, 2016
Hi

I'm getting sick to death of my laptop (HP Notebook) slowing down almost to a standstill whilst the motor (or whatever you call it!) makes this high-pitched whine as if it's doing something very important and very urgent. This can go on (as it is just now) for up to half an hour!

It's not as if I go in for big processes (other than uploading videos) on a regular basis.

I have installed 'What's happening with my computer', but the only clue I get from that is that there's a lot of 'chrome.exe' activity and, sure enough, Task Manager tells me that 'chrome.exe' is taking up a lot of CPU.

But there has to be a 'why', doesn't there? I thought at first it might have been my Avira thingy doing a sneaky update (as it often seems to do).

It's really getting beyond a joke.
 
Let's get some info from your machine, to get things rolling.


Step 1: Reset Host File


  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Step 2: MiniToolBox Scan


Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Step 3: Autoruns Scan.


Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe.
After the scan is finished, click on File > Save.
The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.


Step 4: HijackThis.



1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.


Step 5: JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 6: Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
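
An added example, not part of the original post and not code from any of the tools named in it: once the Autoruns output from Step 3 is saved as text, a short script can pre-sort the autostart entries a helper would read first. The sample rows are constructed in the export's layout, and the check names, the day/month timestamp format and the 2001 cutoff year are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of an Autoruns text export: a quoted
# location row, then "+"-prefixed entries with six quoted fields
# (name, description, publisher, image path, timestamp, blank).
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "07/02/2017 17:40" ""
+ "ExampleTray" "Example tray application" "Example Corp" "c:\program files\example\tray.exe" "05/08/2016 12:20" ""
+ "Old Helper.exe" "" "" "File not found: C:\Program Files\Common Files\Example\Helper.exe" "" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "06/01/2017 13:05" ""
+ "Example Launcher" "Launcher" "ExampleSoft" "c:\program files\example launcher\launch.exe" "19/06/1992 22:22" ""
"Task Scheduler" "" "" "" "" ""
+ "At9.job" "" "" "File not found: C:\DOCUME~1\USER~1\APPLIC~1\EXAMPL~1\UPDATE~1.EXE /Check" "" ""
+ "ExampleUpdate.job" "" "" "c:\documents and settings\user\application data\upd\upd.exe" "10/12/2016 23:16" ""
'''

FIELD = re.compile(r'"([^"]*)"')
MISSING = "File not found:"
# Profile and temp directories (long and 8.3 short names) that a
# non-admin process can normally write to.
USER_WRITABLE = re.compile(
    r'\\(documents and settings|docume~\d|users|temp)\\', re.I)


def parse(text):
    """Return one dict per "+" entry, tagged with its autostart location."""
    entries, location = [], None
    for line in text.splitlines():
        line = line.strip()
        fields = FIELD.findall(line)
        if len(fields) != 6:
            continue  # blank line or something that is not an export row
        if line.startswith('"'):
            location = fields[0]  # registry key, folder or "Task Scheduler"
        elif line.startswith("+"):
            name, desc, publisher, image, stamp, _ = fields
            entries.append({"location": location, "name": name,
                            "publisher": publisher, "image": image,
                            "timestamp": stamp})
    return entries


def triage(entries, oldest_year=2001):
    """Return (location, name, reasons) for entries worth a closer look."""
    findings = []
    for e in entries:
        reasons = []
        image = e["image"]
        if image.startswith(MISSING):
            # The autostart entry survives but its target is gone:
            # a leftover from an uninstall or a cleaned-up program.
            reasons.append("target missing")
            image = image[len(MISSING):].strip()
        elif not e["publisher"]:
            reasons.append("no publisher")
        if USER_WRITABLE.search(image):
            reasons.append("user-writable path")
        if e["timestamp"]:
            try:
                # Assumed day/month/year order, as in the sample rows.
                stamp = datetime.strptime(e["timestamp"], "%d/%m/%Y %H:%M")
                if stamp.year < oldest_year:
                    reasons.append("implausible timestamp")
            except ValueError:
                pass  # other locale format; leave the entry unjudged
        if reasons:
            findings.append((e["location"], e["name"], reasons))
    return findings


if __name__ == "__main__":
    for location, name, reasons in triage(parse(SAMPLE)):
        print(f"{name:20} {', '.join(reasons):35} {location}")
```

A flagged row is a prompt to look at the entry, not a verdict: a missing target is often just an uninstall leftover, and an old timestamp can come from the toolchain that built the file.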
 
Wow!! Thank you so much for your reply. A couple of questions:
Do I have to switch everything else off whilst I follow these procedures?
Is it OK with you if I complete them one at a time and post results?

Thanks again
 
Oh well. Here we go. I hope you gathered from my previous post that I'm not very good at this stuff. Have fallen at the first fence!
I've downloaded RstHosts, and I end up with a window with 3 options in it: I have 'Restaurer' and 'Creer un Rapport' and another which opens a Notebook file. Is this the one I have to save to the desktop?
Sorry to be so dumb!
 
-|x| RstHosts v2.0 - Rapport créé le 15/02/2017 à 18:32:06
-|x| Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
-|x| Nom d'utilisateur : User - USER-3B477342DC (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : User - USER-3B477342DC
Taille : 89 bytes
Date de création : 20/06/2003 - 12:00:00
Date de modification : 15/02/2017 - 18:31:58
Date de dernier accès : 15/02/2017 - 18:31:58

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1 localhost
::1 localhost

-|x|- E.O.F - C:\RstHosts.txt - 626 bytes -|x|-
OK, this is what I got. Just swiped the file across to the desktop, but did everything else as per. Hope this is OK
 
MiniToolBox by Farbar Version: 17-06-2016
Ran by User (administrator) on 15-02-2017 at 18:37:55
Running from "C:\Documents and Settings\User\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: HP Compaq nc6320 (RH367ET#ABU) Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Intel(R) PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)
Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user-3b477342dc

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet

Physical Address. . . . . . . . . : 00-17-A4-E7-B8-B3



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-1B-77-25-D7-DC

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Primary WINS Server . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : 15 February 2017 17:57:28

Lease Expires . . . . . . . . . . : 16 February 2017 17:57:28

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Address: 216.58.198.238



Pinging google.com [216.58.198.238] with 32 bytes of data:



Reply from 216.58.198.238: bytes=32 time=39ms TTL=55

Reply from 216.58.198.238: bytes=32 time=39ms TTL=55



Ping statistics for 216.58.198.238:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 39ms, Average = 39ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=141ms TTL=50

Reply from 98.138.253.109: bytes=32 time=142ms TTL=50



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 141ms, Maximum = 142ms, Average = 141ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 a4 e7 b8 b3 ...... Broadcom NetLink (TM) Gigabit Ethernet - Packet Scheduler Miniport
0x3 ...00 1b 77 25 d7 dc ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 25
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 25
192.229.182.144 255.255.255.255 192.168.1.1 192.168.1.2 25
207.7.88.134 255.255.255.255 192.168.1.1 192.168.1.2 25
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 25
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.1.2 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/04/2017 06:49:57 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:49:57 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/04/2017 06:49:56 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:49:56 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/04/2017 06:49:11 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service Windows Workflow Foundation 4.0.0.0 (Windows Workflow Foundation 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:49:11 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.


System errors:
=============
Error: (02/15/2017 04:55:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 03:55:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 02:55:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 01:55:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 12:55:00 PM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 11:55:00 AM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 10:55:00 AM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 09:55:00 AM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 08:55:00 AM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.


Error: (02/15/2017 06:55:00 AM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402 = The system cannot find the file specified.



Microsoft Office Sessions:
=========================
Error: (02/04/2017 06:49:57 PM) (Source: LoadPerf)(User: )
Description: ASP.NETASP.NET

Error: (02/04/2017 06:49:57 PM) (Source: LoadPerf)(User: )
Description: Performance

Error: (02/04/2017 06:49:56 PM) (Source: LoadPerf)(User: )
Description: aspnet_stateASP.NET State Service

Error: (02/04/2017 06:49:56 PM) (Source: LoadPerf)(User: )
Description: Performance

Error: (02/04/2017 06:49:11 PM) (Source: LoadPerf)(User: )
Description: Windows Workflow Foundation 4.0.0.0Windows Workflow Foundation 4.0.0.0

Error: (02/04/2017 06:49:11 PM) (Source: LoadPerf)(User: )
Description: Performance

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf)(User: )
Description: MSDTC Bridge 4.0.0.0MSDTC Bridge 4.0.0.0

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf)(User: )
Description: Performance

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf)(User: )
Description: SMSvcHost 4.0.0.0SMSvcHost 4.0.0.0

Error: (02/04/2017 06:47:00 PM) (Source: LoadPerf)(User: )
Description: Performance


=========================== Installed Programs ============================

Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Any Video Converter 6.0.7 (HKLM\...\Any Video Converter) (Version: 6.0.7 - Anvsoft)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Broadcom NetXtreme Ethernet Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.22.12 - Broadcom Corporation)
DocProc (HKLM\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 5.15 - NCH Software)
Express Rip CD Ripper Software (HKLM\...\ExpressRip) (Version: 1.97 - NCH Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Embedded Security for ProtectTools (HKLM\...\{4BA3DDD4-BC91-48B2-8896-7A02C34829D7}) (Version: 4.5 - HP)
HP ProtectTools Security Manager (HKLM\...\{2DB165DC-DDB4-403F-B985-19F3EC7D0357}) (Version: 3.00 A10 - Hewlett-Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.40.25 - Oracle Corporation) Hidden
Lightspark 0.5.3-git (HKLM\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
SopCast 3.8.3 (HKLM\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4310 - Analog Devices)
Stanza (HKLM\...\Stanza) (Version: - )
Switch Sound File Converter (HKLM\...\Switch) (Version: 5.12 - NCH Software)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}) (Version: 2.00.0003 - Texas Instruments Inc.)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (HKLM\...\{607398CF-354B-4E21-B1BC-549424BFD04C}) (Version: 2.00.0003 - Texas Instruments Inc.) Hidden
TIPCI (HKLM\...\{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 4.58 - NCH Software)
VueScan x32 (HKLM\...\VueScan x32) (Version: - )
WavePad Sound Editor (HKLM\...\WavePad) (Version: 6.59 - NCH Software)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Easy Transfer for Windows 7 (HKLM\...\WET7Cable) (Version: - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.7.4 - X Codec Pack team)
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version: - Zylom Games)

========================= Memory info: ===================================

Percentage of memory in use: 66%
Total physical RAM: 1527.36 MB
Available physical RAM: 512.21 MB
Total Virtual: 2901.68 MB
Available Virtual: 1783.4 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.9 GB) (Free:11.39 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-3B477342DC

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 User


**** End of log ****
 
Autoruns Scan log.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "07/02/2017 17:40" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe" "21/11/2013 16:56" ""
+ "avgnt" "Avira system tray application" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avgnt.exe" "05/08/2016 12:20" ""
+ "Avira SystrayStartTrigger" "Avira Launcher" "Avira Operations GmbH & Co. KG" "c:\program files\avira\launcher\avira.systraystarttrigger.exe" "11/07/2016 08:58" ""
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe" "12/01/2010 08:51" ""
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "15/02/2008 20:46" ""
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "15/02/2008 20:46" ""
+ "PTHOSTTR" "HP ProtectTools Security Manager" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp protecttools security manager\pthosttr.exe" "09/01/2007 21:39" ""
+ "SoundMAX" "Audio Control Panel" "Analog Devices, Inc." "c:\program files\analog devices\soundmax\smax4.exe" "06/05/2005 21:06" ""
+ "SoundMAXPnP" "SMax4PNP" "Analog Devices, Inc." "c:\program files\analog devices\core\smax4pnp.exe" "20/05/2005 15:11" ""
+ "Wondershare Helper Compact.exe" "" "" "File not found: C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe.exe" "" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "06/01/2017 13:05" ""
+ "Driver Wizard" "Driver Wizard Launcher" "DriverWizard" "c:\program files\driver wizard\dwlauncher.exe" "19/06/1992 22:22" ""
+ "msnmsgr" "" "" "File not found: C:\Program Files\Windows Live\Messenger\msnmsgr.exe" "" ""
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" "" "03/02/2017 18:27" ""
+ "What's my computer doing.lnk" "WhatsMyComputerDoing" "" "c:\program files\what's my computer doing\whatsmycomputerdoing.exe" "13/01/2010 12:50" ""
"C:\Documents and Settings\User\Start Menu\Programs\Startup" "" "" "" "12/01/2014 01:19" ""
+ "Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk" "" "" "c:\documents and settings\user\start menu\programs\startup\monitor ink alerts - hp deskjet 1000 j110 series.lnk" "28/01/2014 22:11" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "07/02/2017 16:46" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe" "13/04/2008 18:30" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" "05/04/2016 23:26" ""
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe" "13/04/2008 18:30" ""
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" "" "05/02/2017 14:04" ""
+ "0" "" "" "File not found: About:Home" "" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "25/10/2016 17:00" ""
+ "APSDShExt" "Personal Secure Drive Shell Extension" "Infineon Technologies AG" "c:\program files\protecttools\embedded security software\psdshext.dll" "29/11/2005 15:48" ""
+ "Shell Extension for Malware scanning" "AntiVirus context menu" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll" "26/07/2016 15:30" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "17/07/2012 08:22" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "15/02/2008 20:46" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "17/07/2012 09:28" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll" "08/05/2014 08:54" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll" "17/01/2011 15:19" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/10/2016 17:00" ""
+ "APSDShExt" "Personal Secure Drive Shell Extension" "Infineon Technologies AG" "c:\program files\protecttools\embedded security software\psdshext.dll" "29/11/2005 15:48" ""
+ "Shell Extension for Malware scanning" "AntiVirus context menu" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll" "26/07/2016 15:30" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "16/12/2015 14:00" ""
+ "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files\java\jre1.8.0_40\bin\jp2ssv.dll" "11/02/2015 05:45" ""
+ "Java(tm) Plug-In SSV Helper" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files\java\jre1.8.0_40\bin\ssv.dll" "11/02/2015 05:44" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "07/02/2017 16:47" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe" "13/04/2008 18:34" ""
"Task Scheduler" "" "" "" "" ""
+ "Adobe Flash Player PPAPI Notifier.job" "Adobe® Flash® Player Installer/Uninstaller 23.0 r0" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashutil32_23_0_0_207_pepper.exe" "26/10/2016 02:01" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 24.0 r0" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "10/12/2016 23:16" ""
+ "At3.job" "" "" "File not found: C:\DOCUME~1\NETWOR~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check.exe" "" ""
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "22/08/2015 02:13" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "07/02/2017 17:08" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "10/12/2016 23:16" ""
+ "AgereModemAudio" "Agere Soft Modem Call Progress Service" "Agere Systems" "c:\windows\system32\agrsmsvc.exe" "18/03/2008 16:27" ""
+ "AntiVirMailService" "Offers permanent protection against viruses and malware for email clients with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avmailc.exe" "05/08/2016 12:20" ""
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\sched.exe" "05/08/2016 12:20" ""
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avguard.exe" "05/08/2016 12:20" ""
+ "AntiVirWebService" "Offers permanent protection against viruses and malware for web browsers with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avwebgrd.exe" "05/08/2016 12:20" ""
+ "Avira.ServiceHost" "Hosts multiple Avira services within one Windows service." "Avira Operations GmbH & Co. KG" "c:\program files\avira\launcher\avira.servicehost.exe" "11/07/2016 09:01" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "" "File not found: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" "" ""
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\shared\hpqwmiex.exe" "02/05/2006 20:41" ""
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" "04/04/2005 05:41" ""
+ "IFXSpMgtSrv" "Provides management services for the Security Platform." "Infineon Technologies AG" "c:\windows\system32\ifxspmgt.exe" "03/03/2006 14:29" ""
+ "IFXTCS" "The Trusted Platform Core Service manages access to the Trusted Platform Module of this computer. If this service is stopped, the trustworthiness of this computer no longer can be verified. If this service is disabled, any services that explicitly depend on it will fail to start. " "Infineon Technologies AG" "c:\windows\system32\ifxtcs.exe" "03/03/2006 14:07" ""
+ "PersonalSecureDriveService" "Personal Secure Drive service for encrypted drives" "Infineon Technologies AG" "c:\program files\protecttools\embedded security software\psdsrvc.exe" "29/11/2005 15:34" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "07/02/2017 17:08" ""
+ "ADIHdAudAddService" "High Definition Audio Function Driver(Release Candidate 1)" "Analog Devices, Inc." "c:\windows\system32\drivers\adihdaud.sys" "31/01/2006 15:19" ""
+ "AEAudioService" "Audio Noise Filtering Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys" "07/06/2005 20:53" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys" "21/03/2008 16:12" ""
+ "ATSWPDRV" "Slide Fingerprint USB Driver" "AuthenTec, Inc." "c:\windows\system32\drivers\atswpdrv.sys" "28/08/2007 19:47" ""
+ "avgntflt" "Avira mini-filter driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avgntflt.sys" "15/06/2016 14:55" ""
+ "avipbb" "Avira Security Enhancement Driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avipbb.sys" "21/06/2016 13:11" ""
+ "avkmgr" "Avira Manager Driver" "Avira Operations GmbH & Co. KG" "c:\windows\system32\drivers\avkmgr.sys" "09/03/2015 15:13" ""
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys" "17/10/2005 22:31" ""
+ "BTKRNL" "" "" "File not found: system32\DRIVERS\btkrnl.sys" "" ""
+ "BTWUSB" "" "" "File not found: System32\Drivers\btwusb.sys" "" ""
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys" "" ""
+ "ffpupehd" "" "" "File not found: System32\drivers\lyuws.sys" "" ""
+ "gstpxojq" "" "" "File not found: C:\WINDOWS\system32\drivers\gstpxojq.sys" "" ""
+ "GTIPCI21" "Texas Instruments PCI GemCore IFD Handler" "Texas Instruments" "c:\windows\system32\drivers\gtipci21.sys" "14/09/2006 14:55" ""
+ "HBtnKey" "HP Tablet PC Key Button HID Driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\cpqbttn.sys" "19/09/2005 19:24" ""
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows (R) Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys" "26/05/2005 15:46" ""
+ "HpqKbFiltr" "HpqKbFiltr Keyboard Filter Driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\hpqkbfiltr.sys" "18/06/2007 22:12" ""
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys" "" ""
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys" "15/02/2008 21:12" ""
+ "IFXTPM" "Infineon Trusted Platform Module" "Infineon Technologies AG" "c:\windows\system32\drivers\ifxtpm.sys" "10/10/2005 13:46" ""
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys" "" ""
+ "NETw5x32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5x32.sys" "26/10/2009 13:47" ""
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys" "" ""
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys" "" ""
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys" "" ""
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys" "" ""
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys" "" ""
+ "PersonalSecureDrive" "PSD Device Driver" "Infineon Technologies AG" "c:\windows\system32\drivers\psd.sys" "29/11/2005 15:33" ""
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys" "17/08/2001 20:49" ""
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "13/09/2006 13:18" ""
+ "SWDUMon" "Driver Update Installer Monitor" "" "c:\windows\system32\drivers\swdumon.sys" "20/07/2010 14:12" ""
+ "tifm21" "tifm21.sys" "Texas Instruments" "c:\windows\system32\drivers\tifm21.sys" "14/12/2007 15:21" ""
+ "vulfnths" "VIA USB Host Controller Lower Filter Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\vulfnth.sys" "02/06/2003 10:03" ""
+ "vulfntrs" "VIA USB Roothub Lower Filter Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\vulfntr.sys" "21/07/2003 08:39" ""
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "16/07/2012 17:29" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "04/06/2013 00:53" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "08/02/2017 12:08" ""
+ "msacm.ac3filter" "ac3filter" "" "c:\windows\system32\ac3filter.acm" "05/04/2013 17:26" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax" "14/04/2008 00:09" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "29/01/2010 14:43" ""
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm" "14/04/2008 00:11" ""
+ "msacm.trspch" "DSP Group TrueSpeech(TM) Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm" "18/08/2001 05:35" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll" "17/06/2010 14:03" ""
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll" "18/08/2001 05:33" ""
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll" "18/08/2001 05:33" ""
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "14/04/2008 00:10" ""
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "14/04/2008 00:10" ""
+ "VIDC.VP80" "" "" "File not found: vp8vfw.dll" "" ""
+ "vidc.XVID" "" "" "File not found: xvidvfw.dll" "" ""
"HKLM\Software\Classes\Filter" "" "" "" "17/07/2012 07:36" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "14/04/2008 00:10" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "14/04/2008 00:10" ""
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "14/04/2008 00:10" ""
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "14/04/2008 00:10" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "08/02/2017 12:09" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "AC3Filter" "ac3filter" "" "c:\program files\x codec pack\filters\x32\ac3filter.ax" "05/04/2013 17:26" ""
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax" "18/08/2001 05:35" ""
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax" "14/04/2008 00:09" ""
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "14/04/2008 00:10" ""
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "14/04/2008 00:10" ""
+ "LAV Audio Decoder" "LAV Audio Decoder - DirectShow Audio Decoder" "1f0.de - Hendrik Leppkes" "c:\program files\x codec pack\filters\x32\lavaudio.ax" "22/09/2015 09:47" ""
+ "LAV Splitter" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files\x codec pack\filters\x32\lavsplitter.ax" "22/09/2015 09:47" ""
+ "LAV Splitter Source" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files\x codec pack\filters\x32\lavsplitter.ax" "22/09/2015 09:47" ""
+ "LAV Video Decoder" "LAV Video Decoder - DirectShow Video Decoder" "1f0.de - Hendrik Leppkes" "c:\program files\x codec pack\filters\x32\lavvideo.ax" "22/09/2015 09:47" ""
+ "madVR" "madshi's D3D9 based video renderer" "madshi.net" "c:\program files\x codec pack\filters\madvr\madvr.ax" "20/09/2015 19:31" ""
+ "MainConcept Layer II Audio Encoder" "" "" "File not found: C:\WINDOWS\system32\mcl2ae.ax" "" ""
+ "MainConcept MPEG Multiplexer-Plus" "" "" "File not found: C:\WINDOWS\system32\mcmpeg2mux.ax" "" ""
+ "MainConcept MPEG-2 Video Encoder" "" "" "File not found: C:\WINDOWS\system32\mcm2ve.ax" "" ""
+ "MPC DTS/AC3/DD+ Source" "DTS/AC3 Source Filter" "MPC-BE Team" "c:\program files\x codec pack\filters\x32\dtsac3source.ax" "03/11/2013 15:19" ""
+ "MPC Matroska Source" "Matroska Splitter" "MPC-BE Team" "c:\windows\system32\matroskasplitter.ax" "03/11/2013 15:19" ""
+ "MPC Matroska Splitter" "Matroska Splitter" "MPC-BE Team" "c:\windows\system32\matroskasplitter.ax" "03/11/2013 15:19" ""
+ "MPC RealAudio Decoder" "RealMedia Splitter" "MPC-BE Team" "c:\windows\system32\realmediasplitter.ax" "03/11/2013 15:19" ""
+ "MPC RealMedia Source" "RealMedia Splitter" "MPC-BE Team" "c:\windows\system32\realmediasplitter.ax" "03/11/2013 15:19" ""
+ "MPC RealMedia Splitter" "RealMedia Splitter" "MPC-BE Team" "c:\windows\system32\realmediasplitter.ax" "03/11/2013 15:19" ""
+ "MPC RealVideo Decoder" "RealMedia Splitter" "MPC-BE Team" "c:\windows\system32\realmediasplitter.ax" "03/11/2013 15:19" ""
+ "MPC-HC CDXA Reader" "CDXA Reader Filter" "MPC-HC Team" "c:\windows\system32\cdxareader.ax" "13/07/2014 22:06" ""
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax" "15/06/2010 16:17" ""
+ "Photo Story 3 Source Filter" "Photo Story 3 for Windows" "Microsoft Corp." "c:\program files\photo story 3 for windows\pssourcefilter3.dll" "18/09/2004 01:02" ""
+ "Plus! Photo Story 3 WAV Dest" "Photo Story 3 for Windows" "Microsoft Corp." "c:\program files\photo story 3 for windows\wavdest3.dll" "18/09/2004 01:02" ""
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax" "18/08/2001 05:35" ""
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "14/04/2008 00:11" ""
+ "XySubFilter" "XySubFilter for MadVR" "xy-VSFilter Team" "c:\program files\x codec pack\filters\x32\xysubfilter.dll" "07/12/2014 13:45" ""
+ "XySubFilterAutoLoader" "XySubFilter for MadVR" "xy-VSFilter Team" "c:\program files\x codec pack\filters\x32\xysubfilter.dll" "07/12/2014 13:45" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "17/07/2012 08:55" ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "08/03/2009 11:34" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" "" "17/07/2012 10:46" ""
+ "IfxWlxEN" "Winlogon Event Notification DLL" "Infineon Technologies AG" "c:\windows\system32\ifxwlxen.dll" "03/03/2006 14:08" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll" "15/02/2008 20:45" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" "" "07/02/2017 16:39" ""
+ "000000000001" "AntiVir layered service provider" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avsda.dll" "30/04/2014 15:28" ""
+ "000000000002" "AntiVir layered service provider" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avsda.dll" "30/04/2014 15:28" ""
+ "000000000020" "AntiVir layered service provider" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avsda.dll" "30/04/2014 15:28" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "07/02/2017 16:39" ""
+ "HP 8811 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts8811lm.dll" "12/09/2012 12:01" ""
 
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Microsoft Windows XP x86
Ran by User (Administrator) on 15/02/2017 at 19:08:57.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 26

Successfully deleted: C:\Documents and Settings\User\Local Settings\Application Data\drivertoolkit (Folder)
Successfully deleted: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff (Folder)
Successfully deleted: C:\Documents and Settings\User\Local Settings\Application Data\slimware utilities inc (Folder)
Successfully deleted: C:\end (File)
Successfully deleted: C:\WINDOWS\System32\drivers\swdumon.sys (File)
Successfully deleted: C:\WINDOWS\Tasks\At3.job (Task)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4FWJ8DQV (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\E92T2LKP (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MVM36RML (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O0VVQPU4 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O35B1HNX (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ONYV0HWF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YK71KV2B (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZG1LH3RO (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\amiext (Folder)
Successfully deleted: C:\Program Files\convert audio free (Folder)
Successfully deleted: C:\Program Files\drivertoolkit (Folder)
Successfully deleted: C:\Program Files\freerip (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4FWJ8DQV (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E92T2LKP (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVM36RML (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O0VVQPU4 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O35B1HNX (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ONYV0HWF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YK71KV2B (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZG1LH3RO (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-00A7-7A786E7484D7} (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/02/2017 at 19:11:32.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.043 - Logfile created 15/02/2017 at 19:16:56
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : User - USER-3B477342DC
# Running from : C:\Documents and Settings\User\My Documents\Downloads\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\apn
[-] Folder deleted: C:\Documents and Settings\All Users\Start Menu\Programs\DriverToolkit
[-] Folder deleted: C:\Documents and Settings\All Users\Start Menu\Programs\Lightspark 0.5.3-git
[-] Folder deleted: C:\Documents and Settings\All Users\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files\Lightspark 0.5.3-git
[-] Folder deleted: C:\Program Files\WinZip Driver Updater
[-] Folder deleted: C:\DOCUME~1\User\LOCALS~1\Temp\apn
[-] Folder deleted: C:\DOCUME~1\User\LOCALS~1\Temp\APN-Stub
[-] Folder deleted: C:\DOCUME~1\User\LOCALS~1\Temp\OCS


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[-] Value deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key deleted: HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key deleted: HKU\.DEFAULT\Software\V-bates
[-] Key deleted: HKU\S-1-5-21-329068152-606747145-1417001333-1003\Software\AmiExt
[-] Key deleted: HKU\S-1-5-21-329068152-606747145-1417001333-1003\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-329068152-606747145-1417001333-1003\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-329068152-606747145-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
[-] Key deleted: HKU\S-1-5-21-329068152-606747145-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKU\S-1-5-18\Software\V-bates
[#] Key deleted on reboot: HKCU\Software\AmiExt
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\Softonic
[-] Key deleted: HKLM\SOFTWARE\Lightspark Team
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Lightspark
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key deleted: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[-] Data restored: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[-] Data restored: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5871 Bytes] - [15/02/2017 19:16:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [5757 Bytes] - [15/02/2017 19:16:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6017 Bytes] ##########
 
I'm seeing some alarming things deleted! Anyway, I hope this is what you wanted me to do. I'm going to switch my Avira and Firewall back on now. Thanks for your help - and your interest.
 
Sorry, missed 'HiJack this' but here it is. Hope the sequence of these processes wasn't crucial.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:11:26, on 15/02/2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O1 - Hosts: ::1 localhost# Fichier Hosts créé par RstHosts
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Driver Wizard] C:\Program Files\Driver Wizard\DWLauncher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex (User '?')
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-329068152-606747145-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex (User 'Default user')
O4 - S-1-5-21-329068152-606747145-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk = ? (User '?')
O4 - Startup: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk = ?
O4 - Global Startup: What's my computer doing.lnk = C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

--
End of file - 8996 bytes
 
Please uninstall the programs below with Geek Uninstaller. If something will not remove, then use force mode.

HP Embedded Security for ProtectTools (HKLM\...\{4BA3DDD4-BC91-48B2-8896-7A02C34829D7}) (Version: 4.5 - HP)
HP ProtectTools Security Manager (HKLM\...\{2DB165DC-DDB4-403F-B985-19F3EC7D0357}) (Version: 3.00 A10 - Hewlett-Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Easy Transfer for Windows 7 (HKLM\...\WET7Cable) (Version: - Microsoft Corporation)


Open your copy of Autoruns, and under the "Task Scheduler" tab please uncheck the items below.




+ "Adobe Flash Player PPAPI Notifier.job" "Adobe® Flash® Player Installer/Uninstaller 23.0 r0" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashutil32_23_0_0_207_pepper.exe" "26/10/2016 02:01" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 24.0 r0" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "10/12/2016 23:16" ""
+ "At3.job" "" "" "File not found: C:\DOCUME~1\NETWOR~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check.exe" "" ""
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "22/08/2015 02:13" ""


Open your copy of Autoruns, and under the "Services" tab please uncheck the items below.

+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "10/12/2016 23:16" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "" "File not found: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" "" ""
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" "04/04/2005 05:41" ""
+ "PersonalSecureDriveService" "Personal Secure Drive service for encrypted drives" "Infineon Technologies AG" "c:\program files\protecttools\embedded security software\psdsrvc.exe" "29/11/2005 15:34" ""


Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.



Hit OK.



Hit Next, making sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.
 
Zemana Scan.

Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Click the Cog/Sprocket Wheel at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to copy and paste the saved report in your next message.
  • This will open a logfile; post that in your next reply.
HijackThis Fix.

Locate the HijackThis file, double click to run it.
Close all other open programs prior to running this tool!!
Click Scan.
Then checkmark the items listed below.


O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Driver Wizard] C:\Program Files\Driver Wizard\DWLauncher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex (User '?')
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-329068152-606747145-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex (User 'Default user')
O4 - Global Startup: What's my computer doing.lnk = C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe

Now click on fix checked.
After the fix is complete, then reboot your machine.



Temp File Cleaner.


  • Note: This program may very well reboot your machine. Save any work prior to running.
  • Clean up your temp files with TFC.exe
  • Save it to your desktop.
  • Right click and run as admin. (XP users double click to run.)
  • Please post all requested logs and tell me how things are running.
 
Couldn't find this: + "At3.job" "" "" "File not found: C:\DOCUME~1\NETWOR~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check.exe" "" ""
This wasn't on the list: + "PersonalSecureDriveService" "Personal Secure Drive service for encrypted drives" "Infineon Technologies AG" "c:\program files\protecttools\embedded security software\psdsrvc.exe" "29/11/2005 15:34" ""
 
Couldn't find this: + "At3.job" "" "" "File not found: C:\DOCUME~1\NETWOR~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check.exe" "" ""


No problem, it was deleted with junkware removal tool.

Successfully deleted: C:\WINDOWS\Tasks\At3.job (Task)
 
Also, when you have completed the scan with Zemana, please uninstall it.
 
Here's the Adware Removal tool report
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2017_02_15_23_54_43
OS: Microsoft Windows XP - x86 Bit
Account Name: User
Adware Definition: 02092017.2
Elapsed time: 05:59
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> File ->> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\Babel\en-US\media\properties\minigames\findit.xml

[-] Deleted ->> File ->> C:\Windows\System32\GroupPolicy\Machine\Registry.pol

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\SopCast

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\APNMCP

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\SopCast
 
Sorry I did the Adware Removal thing a good while ago. Forgot to click Post Reply!!

Just a thought, but since I'm installing all this lovely stuff, does that mean I can ditch Avira and MalwareBytes?
 
does that mean I can ditch Avira and MalwareBytes?


No, we will get to that at the end of this. I have an antivirus in mind for you that works mostly in the cloud, which means less RAM consumption, which allows you to free up resources to do other things with your machine.

Once we complete everything, then I will make a few suggestions with respect to your question. :)
 
Here's the Zemana Report:
Zemana AntiMalware 2.72.2.101 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/2/16
Operating System : Windows XP 32-bit
Processor : 2X Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
BIOS Mode : Legacy
CUID : 14F55ADF72E225E7DABDC4
Scan Type : System Scan
Duration : 16m 1s
Scanned Objects : 47172
Detected Objects : 8
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Tabs Hijack (System)
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Repair
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = www.google.com

Chrome Shortcut
Status : Scanned
Object : --disable-hang-monitor
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

Chrome Policy
Status : Scanned
Object : mlalfllmboedbjfgnlponjjffoogfcii
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Policy

Chrome Policy
Status : Scanned
Object : ifgdafdnkjbdnofenjbplmnkepdipkcm
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Policy

Chrome Policy
Status : Scanned
Object : njagefbnbldfpnnejeglbbcmimbnnpmk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Policy

Chrome Policy
Status : Scanned
Object : cimpjipkkcgcbghgepmkimdcamibhgbc;http://mediaply.net/mediaplayer/update/updateMediaPlayerV1alpha2630.xml
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Policy

Hosts File
Status : Scanned
Object : %systemroot%\system32\drivers\etc\hosts
MD5 : B8715C1626629A765BE100CF88358C19
Publisher : -
Size : 178
Version : -
Detection : Hosts Hijack
Cleaning Action : Repair
Related Objects :
Hosts file - Hosts file is hidden
File - %systemroot%\system32\drivers\etc\hosts

DWLauncher.exe
Status : Scanned
Object : %chrome_probed_program_files_path%\driver wizard\dwlauncher.exe
MD5 : 12573B82712816EE32A0AD06F6312A81
Publisher : Smart PC Solutions, Inc.
Size : 868200
Version : 3.1.0.299
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %chrome_probed_program_files_path%\driver wizard\dwlauncher.exe
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Driver Wizard = C:\Program Files\Driver Wizard\DWLauncher.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 8
Reported as safe : 0
Failed : 0
 