Solved Infected XP Pro

learninmypc

Trying to get this XP Pro cleaned up, I've run numerous programs you've had me use in the past. I went to try to download FRST but it took me here https://mega.nz/#!8EsnzBgR!N1_vSbvDt1z46iI0qAB_ZCCQrPJWWiMYDuWSonTjKNY

& I refuse to go there.
Originally I wanted to save myself & you the hassle by resetting it to factory settings, & I still "might" be able to do such. I've run RogueKiller 3 times & SUPERAntiSpyware, Avast & it's still probably infected. Your advice matters, Thanks @Broni :) If nothing else, I want the bad crap off.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017 (ATTENTION: ====> FRST version is 304 days old and could be outdated)
Ran by Admin (administrator) on WINXPBE-152403 (01-11-2017 16:13:28)
Running from E:\
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\chrome.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\WINDOWS\system32\TaskSwitch.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Olof Lagerkvist) C:\WINDOWS\system32\imdsksvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2066432 2014-10-31] (AimerSoft)
HKLM\...\Run: [upgmsd_us_009010275.exe] => C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_us_009010275\upgmsd_us_009010275.exe -runhelper
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-26] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21] (ATI Technologies Inc.)
Winlogon\Notify\RailNotification: C:\WINDOWS\system32\winlogonnotification.dll [2009-08-19] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-19\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-20\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-10-17] (SUPERAntiSpyware)
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [MaxRecentDocs] 18
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-57989841-920026266-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmyst.scr [18944 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-18\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs [2014-05-23] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2015-12-27]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{5A1324A4-25A4-4F90-B459-3EA54DF91DDC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-57989841-920026266-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtDtCyC0C0AtAtDtAtB0FyDtC0BtBtN0D0Tzu0StCyDyEtBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0CyDtDyB0E0BtGtD0D0C0CtG0DyByDyBtGtB0AzztAtG0A0F0BzytDyE0F0AtCyEzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0B0B0EyB0EzyyEtG0D0B0CzztGyE0FyC0DtGzzyByC0DtGyE0EyE0C0EtBtC0AtDtDyDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D2113460999%26a%3Dwncy_nwmeddnld_16_12%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {66C68655-D58D-409E-846F-296E7366BAA4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtDtCyC0C0AtAtDtAtB0FyDtC0BtBtN0D0Tzu0StCyDyEtBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0CyDtDyB0E0BtGtD0D0C0CtG0DyByDyBtGtB0AzztAtG0A0F0BzytDyE0F0AtCyEzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0B0B0EyB0EzyyEtG0D0B0CzztGyE0FyC0DtGzzyByC0DtGyE0EyE0C0EtBtC0AtDtDyDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D2113460999%26a%3Dwncy_nwmeddnld_16_12%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> DefaultScope {66C68655-D58D-409E-846F-296E7366BAA4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtDtCyC0C0AtAtDtAtB0FyDtC0BtBtN0D0Tzu0StCyDyEtBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0CyDtDyB0E0BtGtD0D0C0CtG0DyByDyBtGtB0AzztAtG0A0F0BzytDyE0F0AtCyEzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0B0B0EyB0EzyyEtG0D0B0CzztGyE0FyC0DtGzzyByC0DtGyE0EyE0C0EtBtC0AtDtDyDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D2113460999%26a%3Dwncy_nwmeddnld_16_12%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a2a82eab&q={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {66C68655-D58D-409E-846F-296E7366BAA4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtDtCyC0C0AtAtDtAtB0FyDtC0BtBtN0D0Tzu0StCyDyEtBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0CyDtDyB0E0BtGtD0D0C0CtG0DyByDyBtGtB0AzztAtG0A0F0BzytDyE0F0AtCyEzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0B0B0EyB0EzyyEtG0D0B0CzztGyE0FyC0DtGzzyByC0DtGyE0EyE0C0EtBtC0AtDtDyDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D2113460999%26a%3Dwncy_nwmeddnld_16_12%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {D671275A-5E31-42B8-924E-2DDF8CC2EADB} URL = hxxps://duckduckgo.com/?q={searchTerms}&kp=-1
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll => No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File
Handler: WSAMVCUchrome - No CLSID Value -
Handler: WSWSVCUchrome - No CLSID Value -
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: enbf972l.default
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\enbf972l.default [2017-11-01]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\enbf972l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-27] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-11-12] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\local-settings.js [2014-04-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-01-13] <==== ATTENTION

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.kiro7.com/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-11-01]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-01]
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-57989841-920026266-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-57989841-920026266-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-01] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-10-26] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-26] (AVAST Software)
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [16480 2014-12-17] (Olof Lagerkvist)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 nplus; "C:\Program Files\nplus\nplus.exe" /s iid=5770116 did=APSFInsTerra sid=6 ref=f57bfc41-b3d3-3899-dfd0-54ac0c1eaede-PolicyMac id=5ef55db1617f2a8984dcddfad9c22d08b9e4e8d1d97dd530a99618882851d09d [X]
S2 Update Primary Color; "C:\Program Files\Primary Color\updatePrimaryColor.exe" [X]
S2 Util Primary Color; "C:\Program Files\Primary Color\bin\utilPrimaryColor.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255624 2017-10-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157416 2017-10-26] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276736 2017-10-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50384 2017-10-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42856 2017-10-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [124952 2017-10-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [70112 2017-10-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70864 2017-10-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [783648 2017-10-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [499560 2017-10-26] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [203848 2017-10-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [297840 2017-10-26] (AVAST Software)
R2 AWEAlloc; C:\WINDOWS\System32\DRIVERS\awealloc.sys [17976 2014-12-17] (Olof Lagerkvist)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2015-11-19] () [File not signed]
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2009-08-18] (Microsoft Corporation)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2007-04-26] (Conexant Systems, Inc.)
R2 ImDisk; C:\WINDOWS\System32\DRIVERS\imdisk.sys [36928 2014-12-17] (Olof Lagerkvist)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2016-01-04] (VSO Software) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SiS7018; C:\WINDOWS\System32\drivers\ac97sis.sys [297728 2001-08-17] (Silicon Integrated Systems Corp.)
R0 siside; C:\WINDOWS\System32\DRIVERS\siside.sys [4096 2003-03-25] (Silicon Integrated Systems Corp.)
R3 SISNICXP; C:\WINDOWS\System32\DRIVERS\sisnicxp.sys [32768 2006-02-14] (SiS Corporation)
S0 SISRAID; C:\WINDOWS\system32\Drivers\SISRAID.sys [48128 2015-03-20] (Silicon Integrated Systems) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2015-10-13] (Microsoft Corporation)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S4 IntelIde; no ImagePath
S1 MpKsl6132a2fa; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B0EB168-2B9F-4B2D-A9ED-6D7166483E4B}\MpKsl6132a2fa.sys [X]
S3 SBFWIMCLMP; system32\DRIVERS\SBFWIM.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-05-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-01 16:12 - 2017-11-01 16:13 - 000000000 ____D C:\FRST
2017-11-01 15:21 - 2017-11-01 15:21 - 020731904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2017-11-01 15:21 - 2017-11-01 15:21 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-11-01 12:13 - 2017-11-01 12:14 - 498071552 _____ C:\Documents and Settings\Admin\Desktop\w2k3sp2_3959_usa_x64fre_spcd.iso
2017-10-29 18:53 - 2017-10-29 18:53 - 000008192 _____ C:\WINDOWS\REGLOCS.OLD
2017-10-29 10:22 - 2017-10-29 10:22 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2017-10-29 09:43 - 2017-10-29 09:43 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2017-10-29 09:43 - 2017-10-29 09:43 - 000000000 ____D C:\Program Files\Speccy
2017-10-29 09:43 - 2017-10-29 09:43 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2017-10-27 11:37 - 2004-01-01 00:00 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\ESET
2017-10-27 11:36 - 2017-10-27 11:36 - 006754944 _____ (ESET spol. s r.o.) C:\Documents and Settings\Admin\Desktop\esetonlinescanner_enu.exe
2017-10-27 11:31 - 2017-10-27 11:31 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB3Migration
2017-10-27 11:30 - 2017-10-27 11:30 - 000000000 ____D C:\WINDOWS\pss
2017-10-27 10:43 - 2017-10-27 10:43 - 000028355 _____ C:\WINDOWS\Minidump\Mini102717-02.zip
2017-10-27 10:37 - 2017-10-27 10:37 - 000090112 _____ C:\WINDOWS\Minidump\Mini102717-02.dmp
2017-10-27 10:35 - 2017-10-27 10:43 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-27 10:35 - 2017-10-27 10:35 - 000090112 _____ C:\WINDOWS\Minidump\Mini102717-01.dmp
2017-10-27 09:20 - 2017-11-01 14:34 - 000000280 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-10-27 09:20 - 2017-10-27 09:20 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-10-27 09:20 - 2017-10-27 09:20 - 000000000 ____D C:\Program Files\CCleaner
2017-10-27 09:20 - 2017-10-27 09:20 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2017-10-27 08:51 - 2017-10-27 08:51 - 000000000 __SHD C:\WINDOWS\CSC
2017-10-27 08:26 - 2017-10-27 08:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-10-27 07:51 - 2017-11-01 11:17 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-27 07:51 - 2017-10-27 08:07 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-10-27 07:50 - 2017-10-27 07:50 - 000000718 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
2017-10-27 07:50 - 2017-10-27 07:50 - 000000000 ____D C:\Program Files\RogueKiller
2017-10-27 07:50 - 2017-10-27 07:50 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2017-10-27 07:39 - 2017-10-27 07:39 - 000001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2017-10-27 07:32 - 2017-11-01 15:37 - 000000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-27 07:32 - 2017-11-01 14:34 - 000000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d34f305bac198a.job
2017-10-27 07:32 - 2017-11-01 14:34 - 000000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-26 21:01 - 2017-10-26 21:01 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Temp
2017-10-26 20:39 - 2017-10-26 20:40 - 000000000 ____T C:\WINDOWS\system32\mfs11.tmp
2017-10-26 20:39 - 2017-10-26 20:39 - 000000000 ____T C:\WINDOWS\system32\mfs10.tmp
2017-10-26 20:37 - 2017-10-27 08:26 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-26 20:25 - 2017-10-26 20:25 - 000000000 ____D C:\Program Files\GUM4.tmp
2017-10-26 20:12 - 2017-10-26 20:12 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\CEF
2017-10-26 20:12 - 2017-10-26 20:12 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\AVAST Software
2017-10-26 20:11 - 2017-10-26 20:11 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2017-10-26 20:11 - 2017-10-26 20:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2017-10-26 20:11 - 2008-11-07 18:55 - 000016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2017-10-26 20:10 - 2017-11-01 14:34 - 000000356 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-10-26 20:10 - 2017-10-26 20:10 - 000921280 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000783648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000499560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000304816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-26 20:10 - 2017-10-26 20:10 - 000297840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000276736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000255624 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000203848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000157416 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000124952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000070864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000070112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000050384 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000042856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-26 20:09 - 2017-10-26 20:09 - 000000000 ____D C:\Program Files\AVAST Software
2017-10-26 20:08 - 2017-10-26 21:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-10-26 20:08 - 2017-10-26 20:08 - 000000039 _____ C:\Documents and Settings\Admin\Desktop\Stats.ini
2017-10-26 19:42 - 2017-11-01 11:15 - 000000000 ____D C:\Program Files\SpywareBlaster
2017-10-26 19:42 - 2017-11-01 11:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2017-10-26 19:42 - 2017-10-26 19:42 - 000000754 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2017-10-26 19:42 - 2017-10-26 19:42 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2017-10-26 19:36 - 2017-10-26 19:36 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Admin\Desktop\JRT.exe
2017-10-26 19:15 - 2017-10-26 19:15 - 000001767 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2017-10-26 19:15 - 2017-10-26 19:15 - 000001761 _____ C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2017-10-26 19:15 - 2017-10-26 19:15 - 000000000 ____D C:\Program Files\Belarc
2017-10-26 19:15 - 2015-11-19 16:04 - 000003840 _____ C:\WINDOWS\system32\Drivers\BANTExt.sys
2017-10-26 18:55 - 2017-10-26 18:55 - 000000000 _____ C:\Documents and Settings\Admin\Desktop\TempWmicBatchFile.bat
2017-10-26 18:54 - 2017-10-26 18:54 - 000000000 ____D C:\SUPERDelete
2017-10-26 18:53 - 2017-10-26 18:53 - 000001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-10-26 18:53 - 2017-10-26 18:53 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2017-10-26 18:53 - 2017-10-26 18:53 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2017-10-26 18:52 - 2017-10-26 18:53 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-26 18:52 - 2017-10-26 18:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-01 16:13 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Temp
2017-11-01 15:21 - 2015-12-27 16:19 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-01 15:21 - 2015-12-27 16:19 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-11-01 15:21 - 2015-12-27 16:19 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-01 15:21 - 2015-12-27 16:19 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-01 14:38 - 2015-12-27 08:08 - 000629834 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-01 14:34 - 2015-12-27 14:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-01 12:15 - 2015-12-27 14:16 - 000032564 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-01 12:15 - 2015-12-27 14:16 - 000000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2017-11-01 12:15 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\Admin
2017-11-01 10:45 - 2008-04-14 04:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-27 10:19 - 2015-12-27 07:59 - 000000000 ____D C:\WINDOWS\security
2017-10-27 09:21 - 2016-01-04 15:58 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\Vso
2017-10-27 09:21 - 2015-12-29 19:52 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\MPC-HC
2017-10-27 07:39 - 2016-03-22 11:45 - 000001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-10-27 07:39 - 2016-03-22 10:01 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Google
2017-10-27 07:37 - 2016-03-22 11:57 - 000000000 ____D C:\Program Files\Google
2017-10-27 06:13 - 2016-04-14 04:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-27 05:47 - 2016-04-12 22:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\32844c97
2017-10-26 20:28 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-10-26 20:21 - 2016-04-05 10:47 - 000000000 ____D C:\WINDOWS\system32\SSL
2017-10-26 20:18 - 2015-12-27 16:33 - 000000000 ____D C:\Program Files\Unlocker
2017-10-26 20:17 - 2015-12-27 16:20 - 000000000 ____D C:\Program Files\7-Zip
2017-10-26 20:17 - 2015-12-27 16:20 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2017-10-26 20:11 - 2015-12-27 07:59 - 000000000 ____D C:\WINDOWS\inf
2017-10-26 19:52 - 2016-02-28 17:39 - 000000000 ____D C:\Program Files\Total Video Converter
2017-10-26 19:32 - 2015-12-27 18:13 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe
2017-10-26 19:27 - 2016-04-05 10:47 - 000000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1459878442---
2017-10-26 19:27 - 2016-03-23 10:08 - 000000000 ____D C:\Program Files\Qataleocri
2017-10-26 19:27 - 2016-03-22 22:07 - 000000000 ____D C:\Program Files\Racxoaksakw
2017-10-26 19:27 - 2015-12-29 19:12 - 000152886 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-10-26 19:27 - 2015-12-27 16:58 - 000393216 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt

==================== Files in the root of some directories =======

2016-01-04 15:58 - 2016-01-04 15:58 - 000087608 _____ () C:\Documents and Settings\Admin\Application Data\inst.exe
2016-03-22 09:58 - 2016-03-22 09:58 - 000127488 _____ () C:\Documents and Settings\Admin\Application Data\Installer.dat
2016-01-04 15:58 - 2016-01-04 15:58 - 000007887 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2016-01-04 15:58 - 2016-01-04 15:58 - 000001144 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2016-01-04 15:58 - 2016-01-04 15:58 - 000000034 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.log
2016-01-04 15:58 - 2016-01-04 15:58 - 000047360 _____ (VSO Software) C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2016-01-04 15:59 - 2016-01-27 12:42 - 000001057 _____ () C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml

Some files in TEMP:
====================
2010-11-18 11:27 - 2010-11-18 11:27 - 000587776 _____ (Igor Pavlov) C:\Documents and Settings\Admin\Local Settings\Temp\7za.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000071176 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\amazoncct.dll
2016-01-30 16:49 - 2016-01-30 16:49 - 000096288 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\cct.dll
2016-02-08 20:13 - 2016-02-08 20:13 - 014107008 _____ (Driver-Soft Inc. ) C:\Documents and Settings\Admin\Local Settings\Temp\DG_Setup_original.exe
2017-10-27 07:51 - 2016-01-29 20:21 - 000720384 _____ (Microsoft Corporation) C:\Documents and Settings\Admin\Local Settings\Temp\dllnt_dump.dll
2012-08-20 13:40 - 2012-08-20 13:40 - 002907752 _____ (Easeware ) C:\Documents and Settings\Admin\Local Settings\Temp\DriverEasy_Setup.exe
2016-03-25 07:52 - 2016-03-25 07:53 - 000616616 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Admin\Local Settings\Temp\F4.tmp.exe
2016-03-23 04:06 - 2016-03-23 04:06 - 000098414 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\io5.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000287120 _____ (Ask Partner Network) C:\Documents and Settings\Admin\Local Settings\Temp\JavaIC.dll
2016-01-30 16:49 - 2016-01-30 16:49 - 000331488 _____ (McAfee, Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\msscct32.dll
2017-10-26 19:51 - 2016-03-23 10:07 - 000099898 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\Uninstall.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000450328 _____ (Yahoo Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\YSearchUtil.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
Ran by Admin (01-11-2017 16:14:17)
Running from E:\
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-12-27 21:15:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-57989841-920026266-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-57989841-920026266-1801674531-500 - Administrator - Disabled)
ASPNET (S-1-5-21-57989841-920026266-1801674531-1004 - Limited - Enabled)
Guest (S-1-5-21-57989841-920026266-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-57989841-920026266-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-57989841-920026266-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.231-060221a1-030895C-ATI - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Belarc Advisor 8.5c (HKLM\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
ContextConsole Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 2.1.0.1 - Kai Liu)
ConvertXtoDVD 4.1.19.365 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: 1.* - )
K-Lite Mega Codec Pack 11.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}) (Version: 3.5.30730 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Hidden
PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: - )
SiS 900 PCI Fast Ethernet Adapter Driver (HKLM\...\SiSLan) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\45.0.2433.0\delegate_execute.exe (IMALI - N.I. MEDIA LTD) <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-26] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AimersoftUltimateFileOpreation] -> {8E1459F9-DF5B-42A1-9217-32EDD944778F} => C:\WINDOWS\system32\AI_ContextMenu.dll -> No File
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {F16DACB1-B8EC-48EB-BE62-4D2DDB27B5CE} => C:\WINDOWS\system32\AiCM32.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-26] (AVAST Software)
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files\Total Video Converter\TVCShellExt.dll [2010-07-29] ()
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => C:\WINDOWS\system32\WSCM32.dll -> No File
ContextMenuHandlers2: [CmdOpen Shell Extension] -> {693B08DA-DA1F-4f2b-A145-C06BDF01868A} => C:\WINDOWS\system32\ShellExt\CmdOpen.dll [2011-03-09] (code.kliu.org)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-26] (AVAST Software)
ContextMenuHandlers3: [HashCheck Shell Extension] -> {705977C7-86CB-4743-BFAF-6908BD19B7B0} => C:\WINDOWS\system32\ShellExt\HashCheck.dll [2009-07-03] (code.kliu.org)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [CmdOpen Shell Extension] -> {693B08DA-DA1F-4f2b-A145-C06BDF01868A} => C:\WINDOWS\system32\ShellExt\CmdOpen.dll [2011-03-09] (code.kliu.org)
ContextMenuHandlers5: [CmdOpen Shell Extension] -> {693B08DA-DA1F-4f2b-A145-C06BDF01868A} => C:\WINDOWS\system32\ShellExt\CmdOpen.dll [2011-03-09] (code.kliu.org)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-26] (AVAST Software)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d34f305bac198a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2008-04-14 04:00 - 2008-04-14 04:00 - 000015360 _____ () C:\WINDOWS\system32\tsd32.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-01 11:16 - 2017-11-01 11:16 - 005882552 _____ () C:\Program Files\AVAST Software\Avast\defs\17110104\algo.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2002-03-19 16:30 - 2002-03-19 16:30 - 000045632 _____ () C:\WINDOWS\system32\taskswitch.exe
2016-03-05 09:47 - 2015-04-28 16:22 - 001498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-03-05 09:47 - 2014-05-19 18:19 - 000137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-03-05 10:17 - 2014-10-31 17:42 - 001498112 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2016-03-05 10:17 - 2014-05-19 18:19 - 000137728 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 04:00 - 2016-03-22 09:57 - 000001373 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.sunbeltsoftware.com
127.0.0.1 http://www.sunbeltsoftware.com/keys/405/register/
127.0.0.1 http://www.sunbeltsoftware.com/keys/405/autoget/
127.0.0.1 http://www.sunbeltsoftware.com/keys/405/update/
0.0.0.0 www.sunbeltsoftware.com
0.0.0.0 www.sunbeltsoftware.com/keys/405/register/
0.0.0.0 www.sunbeltsoftware.com/keys/405/autoget/
0.0.0.0 www.sunbeltsoftware.com/keys/405/update/
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-57989841-920026266-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\chrome.exe] => Enabled:Internet Quick Access
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:mad:xpsp2res.dll,-22002

==================== Restore Points =========================

26-10-2017 19:40:40 JRT Pre-Junkware Removal
26-10-2017 20:11:10 Installed Windows XP Wdf01009.
26-10-2017 21:04:36 Restore Operation
27-10-2017 11:31:20 Restore Operation
01-01-2004 01:02:19 System Checkpoint
01-10-2017 09:32:33 Restore Operation
29-10-2017 09:49:19 JRT Pre-Junkware Removal
31-10-2017 10:40:47 System Checkpoint
01-11-2017 12:09:33 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2017 09:22:37 AM) (Source: Userenv) (EventID: 1511) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/01/2017 09:22:37 AM) (Source: Userenv) (EventID: 1515) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (10/01/2017 09:22:37 AM) (Source: Userenv) (EventID: 1502) (User: NT AUTHORITY)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (10/01/2017 09:19:07 AM) (Source: Userenv) (EventID: 1511) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/01/2017 09:19:07 AM) (Source: Userenv) (EventID: 1515) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (10/01/2017 09:19:07 AM) (Source: Userenv) (EventID: 1502) (User: NT AUTHORITY)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (10/01/2017 09:19:04 AM) (Source: Userenv) (EventID: 1511) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/01/2017 09:19:04 AM) (Source: Userenv) (EventID: 1515) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (10/01/2017 09:19:04 AM) (Source: Userenv) (EventID: 1502) (User: NT AUTHORITY)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (10/01/2017 01:06:49 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (11/01/2017 02:34:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Primary Color service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/01/2017 02:34:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Primary Color service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/01/2017 02:34:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net Plus service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/01/2017 11:50:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D851F103-8C90-4321-AFF0-58BA5BD421C2}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (11/01/2017 11:50:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D851F103-8C90-4321-AFF0-58BA5BD421C2}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (11/01/2017 11:50:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Primary Color service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/01/2017 11:50:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Primary Color service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/01/2017 11:50:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net Plus service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/01/2017 11:06:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MPCBase
MPCKpt

Error: (11/01/2017 11:06:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The fAUIOCxcLNJ service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 Processor 3200+
Percentage of memory in use: 30%
Total physical RAM: 2047.48 MB
Available physical RAM: 1417.68 MB
Total Virtual: 3939.53 MB
Available Virtual: 3414.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.3 GB) (Free:108.94 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (PNY 16GB) (Removable) (Total:14.98 GB) (Free:8.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: ABACC689)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Trying to download RogueKiller, I get this:
This site can’t provide a secure connection
www.adlice.com uses an unsupported protocol.

So I will use the copy I have already.
 
I ran Malwarebytes; it showed 63 infections but no results after reboot, perhaps because this is XP/Vista or ME? Hmmm, dunno.
Will try AdwCleaner now.
 
AdwCleaner will not run; something about C:\Documents and Settings\Admin\Desktop\adwarecleaner.exe is not a valid Win32 application.
 
I need to see the Malwarebytes log.
The Scan log is available through History -> Application logs.
 
Ok, since I messed up, here are the scan results.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/2/17
Scan Time: 6:43 AM
Log File: c464c012-bfd3-11e7-be98-00016ca3032f.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3158
License: Free

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: WINXPBE-152403\Admin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 282376
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
No problem.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Admin (administrator) on WINXPBE-152403 (02-11-2017 17:55:52)
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\chrome.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\TaskSwitch.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Olof Lagerkvist) C:\WINDOWS\system32\imdsksvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2066432 2014-10-31] (AimerSoft)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21] (ATI Technologies Inc.)
Winlogon\Notify\RailNotification: C:\WINDOWS\system32\winlogonnotification.dll [2009-08-19] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-19\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-20\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-10-17] (SUPERAntiSpyware)
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [MaxRecentDocs] 18
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-57989841-920026266-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-18\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs [2014-05-23] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2015-12-27]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5A1324A4-25A4-4F90-B459-3EA54DF91DDC}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5A1324A4-25A4-4F90-B459-3EA54DF91DDC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-57989841-920026266-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> DefaultScope {66C68655-D58D-409E-846F-296E7366BAA4} URL =
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {D671275A-5E31-42B8-924E-2DDF8CC2EADB} URL = hxxps://duckduckgo.com/?q={searchTerms}&kp=-1
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll => No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File
Handler: WSAMVCUchrome - No CLSID Value -
Handler: WSWSVCUchrome - No CLSID Value -
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: enbf972l.default
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\enbf972l.default [2017-11-01]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\enbf972l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-27] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-11-12] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\local-settings.js [2014-04-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-01-13] <==== ATTENTION

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.kiro7.com/"
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-11-02]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-01] (Adobe Systems Incorporated) [File not signed]
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [16480 2014-12-17] (Olof Lagerkvist)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 AWEAlloc; C:\WINDOWS\System32\DRIVERS\awealloc.sys [17976 2014-12-17] (Olof Lagerkvist)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2015-11-19] () [File not signed]
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2009-08-18] (Microsoft Corporation)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2007-04-26] (Conexant Systems, Inc.)
R2 ImDisk; C:\WINDOWS\System32\DRIVERS\imdisk.sys [36928 2014-12-17] (Olof Lagerkvist)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-11-02] (Malwarebytes)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2016-01-04] (VSO Software) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SiS7018; C:\WINDOWS\System32\drivers\ac97sis.sys [297728 2001-08-17] (Silicon Integrated Systems Corp.)
R0 siside; C:\WINDOWS\System32\DRIVERS\siside.sys [4096 2003-03-25] (Silicon Integrated Systems Corp.)
R3 SISNICXP; C:\WINDOWS\System32\DRIVERS\sisnicxp.sys [32768 2006-02-14] (SiS Corporation)
S0 SISRAID; C:\WINDOWS\system32\Drivers\SISRAID.sys [48128 2015-03-20] (Silicon Integrated Systems) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2015-10-13] (Microsoft Corporation)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S4 IntelIde; no ImagePath
S1 MpKsl6132a2fa; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B0EB168-2B9F-4B2D-A9ED-6D7166483E4B}\MpKsl6132a2fa.sys [X]
S3 SBFWIMCLMP; system32\DRIVERS\SBFWIM.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-05-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-02 17:55 - 2017-11-02 17:56 - 000012894 _____ C:\Documents and Settings\Admin\Desktop\FRST.txt
2017-11-02 17:54 - 2017-11-02 17:54 - 000000000 ____D C:\Documents and Settings\Admin\Desktop\FRST-OlderVersion
2017-11-02 17:49 - 2017-11-02 17:54 - 001799680 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2017-11-02 06:42 - 2017-11-02 17:46 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-02 06:42 - 2017-11-02 06:42 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-11-02 06:42 - 2017-11-02 06:42 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-11-02 06:42 - 2017-11-02 06:42 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-11-02 06:42 - 2017-10-04 13:15 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-11-01 19:32 - 2017-11-01 19:32 - 008250832 _____ (Malwarebytes) C:\Documents and Settings\Admin\Desktop\AdwCleaner.exe
2017-11-01 19:21 - 2017-11-01 19:21 - 000090112 _____ C:\WINDOWS\Minidump\Mini110117-03.dmp
2017-11-01 19:19 - 2017-11-01 19:19 - 000090112 _____ C:\WINDOWS\Minidump\Mini110117-02.dmp
2017-11-01 19:17 - 2017-11-01 19:16 - 000090112 _____ C:\WINDOWS\Minidump\Mini110117-01.dmp
2017-11-01 16:12 - 2017-11-02 17:55 - 000000000 ____D C:\FRST
2017-11-01 15:21 - 2017-11-01 15:21 - 020731904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2017-11-01 15:21 - 2017-11-01 15:21 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-10-29 18:53 - 2017-10-29 18:53 - 000008192 _____ C:\WINDOWS\REGLOCS.OLD
2017-10-29 10:22 - 2017-10-29 10:22 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2017-10-29 09:43 - 2017-10-29 09:43 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2017-10-29 09:43 - 2017-10-29 09:43 - 000000000 ____D C:\Program Files\Speccy
2017-10-29 09:43 - 2017-10-29 09:43 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2017-10-27 11:37 - 2004-01-01 00:00 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\ESET
2017-10-27 11:36 - 2017-10-27 11:36 - 006754944 _____ (ESET spol. s r.o.) C:\Documents and Settings\Admin\Desktop\esetonlinescanner_enu.exe
2017-10-27 11:30 - 2017-10-27 11:30 - 000000000 ____D C:\WINDOWS\pss
2017-10-27 10:43 - 2017-10-27 10:43 - 000028355 _____ C:\WINDOWS\Minidump\Mini102717-02.zip
2017-10-27 10:37 - 2017-10-27 10:37 - 000090112 _____ C:\WINDOWS\Minidump\Mini102717-02.dmp
2017-10-27 10:35 - 2017-10-27 10:43 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-27 10:35 - 2017-10-27 10:35 - 000090112 _____ C:\WINDOWS\Minidump\Mini102717-01.dmp
2017-10-27 09:20 - 2017-11-02 17:45 - 000000280 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-10-27 09:20 - 2017-10-27 09:20 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-10-27 09:20 - 2017-10-27 09:20 - 000000000 ____D C:\Program Files\CCleaner
2017-10-27 09:20 - 2017-10-27 09:20 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2017-10-27 08:51 - 2017-10-27 08:51 - 000000000 __SHD C:\WINDOWS\CSC
2017-10-27 07:51 - 2017-11-01 18:40 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-27 07:51 - 2017-10-27 08:07 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-10-27 07:50 - 2017-10-27 07:50 - 000000718 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
2017-10-27 07:50 - 2017-10-27 07:50 - 000000000 ____D C:\Program Files\RogueKiller
2017-10-27 07:50 - 2017-10-27 07:50 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2017-10-27 07:39 - 2017-10-27 07:39 - 000001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2017-10-27 07:32 - 2017-11-02 17:45 - 000000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d34f305bac198a.job
2017-10-27 07:32 - 2017-11-02 17:45 - 000000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-27 07:32 - 2017-11-02 17:37 - 000000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-26 21:01 - 2017-10-26 21:01 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Temp
2017-10-26 20:39 - 2017-10-26 20:40 - 000000000 ____T C:\WINDOWS\system32\mfs11.tmp
2017-10-26 20:39 - 2017-10-26 20:39 - 000000000 ____T C:\WINDOWS\system32\mfs10.tmp
2017-10-26 20:37 - 2017-11-02 06:42 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-26 20:25 - 2017-10-26 20:25 - 000000000 ____D C:\Program Files\GUM4.tmp
2017-10-26 20:12 - 2017-10-26 20:12 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\CEF
2017-10-26 20:11 - 2008-11-07 18:55 - 000016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000921280 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2017-10-26 20:08 - 2017-11-02 17:45 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-10-26 20:08 - 2017-10-26 20:08 - 000000039 _____ C:\Documents and Settings\Admin\Desktop\Stats.ini
2017-10-26 19:42 - 2017-11-01 11:15 - 000000000 ____D C:\Program Files\SpywareBlaster
2017-10-26 19:42 - 2017-11-01 11:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2017-10-26 19:42 - 2017-10-26 19:42 - 000000754 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2017-10-26 19:42 - 2017-10-26 19:42 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2017-10-26 19:36 - 2017-10-26 19:36 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Admin\Desktop\JRT.exe
2017-10-26 19:15 - 2017-10-26 19:15 - 000001767 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2017-10-26 19:15 - 2017-10-26 19:15 - 000001761 _____ C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2017-10-26 19:15 - 2017-10-26 19:15 - 000000000 ____D C:\Program Files\Belarc
2017-10-26 19:15 - 2015-11-19 16:04 - 000003840 _____ C:\WINDOWS\system32\Drivers\BANTExt.sys
2017-10-26 18:55 - 2017-10-26 18:55 - 000000000 _____ C:\Documents and Settings\Admin\Desktop\TempWmicBatchFile.bat
2017-10-26 18:54 - 2017-10-26 18:54 - 000000000 ____D C:\SUPERDelete
2017-10-26 18:53 - 2017-10-26 18:53 - 000001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-10-26 18:53 - 2017-10-26 18:53 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2017-10-26 18:53 - 2017-10-26 18:53 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2017-10-26 18:52 - 2017-10-26 18:53 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-26 18:52 - 2017-10-26 18:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-02 17:56 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Temp
2017-11-02 17:50 - 2015-12-27 08:08 - 000629834 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-02 17:45 - 2015-12-27 14:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-02 17:44 - 2015-12-27 14:16 - 000032640 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-02 17:44 - 2015-12-27 14:16 - 000000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2017-11-02 17:21 - 2015-12-27 16:19 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-02 13:31 - 2015-12-27 07:59 - 000000000 ____D C:\WINDOWS\security
2017-11-01 20:16 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\Admin
2017-11-01 19:21 - 2017-10-01 09:18 - 000193214 _____ C:\WINDOWS\ntbtlog.txt
2017-11-01 15:21 - 2015-12-27 16:19 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-01 15:21 - 2015-12-27 16:19 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-11-01 15:21 - 2015-12-27 16:19 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-01 10:45 - 2008-04-14 04:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-27 09:21 - 2016-01-04 15:58 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\Vso
2017-10-27 09:21 - 2015-12-29 19:52 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\MPC-HC
2017-10-27 07:39 - 2016-03-22 11:45 - 000001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-10-27 07:39 - 2016-03-22 10:01 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Google
2017-10-27 07:37 - 2016-03-22 11:57 - 000000000 ____D C:\Program Files\Google
2017-10-27 06:13 - 2016-04-14 04:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-27 05:47 - 2016-04-12 22:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\32844c97
2017-10-26 20:28 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-10-26 20:21 - 2016-04-05 10:47 - 000000000 ____D C:\WINDOWS\system32\SSL
2017-10-26 20:18 - 2015-12-27 16:33 - 000000000 ____D C:\Program Files\Unlocker
2017-10-26 20:17 - 2015-12-27 16:20 - 000000000 ____D C:\Program Files\7-Zip
2017-10-26 20:17 - 2015-12-27 16:20 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2017-10-26 20:11 - 2015-12-27 07:59 - 000000000 ____D C:\WINDOWS\inf
2017-10-26 19:52 - 2016-02-28 17:39 - 000000000 ____D C:\Program Files\Total Video Converter
2017-10-26 19:32 - 2015-12-27 18:13 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe
2017-10-26 19:27 - 2016-04-05 10:47 - 000000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1459878442---
2017-10-26 19:27 - 2016-03-23 10:08 - 000000000 ____D C:\Program Files\Qataleocri
2017-10-26 19:27 - 2016-03-22 22:07 - 000000000 ____D C:\Program Files\Racxoaksakw
2017-10-26 19:27 - 2015-12-29 19:12 - 000152886 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-10-26 19:27 - 2015-12-27 16:58 - 000393216 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt

==================== Files in the root of some directories =======

2016-01-04 15:58 - 2016-01-04 15:58 - 000087608 _____ () C:\Documents and Settings\Admin\Application Data\inst.exe
2016-03-22 09:58 - 2016-03-22 09:58 - 000127488 _____ () C:\Documents and Settings\Admin\Application Data\Installer.dat
2016-01-04 15:58 - 2016-01-04 15:58 - 000007887 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2016-01-04 15:58 - 2016-01-04 15:58 - 000001144 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2016-01-04 15:58 - 2016-01-04 15:58 - 000000034 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.log
2016-01-04 15:58 - 2016-01-04 15:58 - 000047360 _____ (VSO Software) C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2016-01-04 15:59 - 2016-01-27 12:42 - 000001057 _____ () C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml

Some files in TEMP:
====================
2010-11-18 11:27 - 2010-11-18 11:27 - 000587776 _____ (Igor Pavlov) C:\Documents and Settings\Admin\Local Settings\Temp\7za.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000071176 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\amazoncct.dll
2016-01-30 16:49 - 2016-01-30 16:49 - 000096288 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\cct.dll
2016-02-08 20:13 - 2016-02-08 20:13 - 014107008 _____ (Driver-Soft Inc. ) C:\Documents and Settings\Admin\Local Settings\Temp\DG_Setup_original.exe
2017-10-27 07:51 - 2016-01-29 20:21 - 000720384 _____ (Microsoft Corporation) C:\Documents and Settings\Admin\Local Settings\Temp\dllnt_dump.dll
2012-08-20 13:40 - 2012-08-20 13:40 - 002907752 _____ (Easeware ) C:\Documents and Settings\Admin\Local Settings\Temp\DriverEasy_Setup.exe
2016-03-25 07:52 - 2016-03-25 07:53 - 000616616 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Admin\Local Settings\Temp\F4.tmp.exe
2016-03-23 04:06 - 2016-03-23 04:06 - 000098414 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\io5.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000287120 _____ (Ask Partner Network) C:\Documents and Settings\Admin\Local Settings\Temp\JavaIC.dll
2016-01-30 16:49 - 2016-01-30 16:49 - 000331488 _____ (McAfee, Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\msscct32.dll
2017-10-26 19:51 - 2016-03-23 10:07 - 000099898 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\Uninstall.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000450328 _____ (Yahoo Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\YSearchUtil.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Admin (02-11-2017 17:56:27)
Running from C:\Documents and Settings\Admin\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-12-27 21:15:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-57989841-920026266-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-57989841-920026266-1801674531-500 - Administrator - Disabled)
ASPNET (S-1-5-21-57989841-920026266-1801674531-1004 - Limited - Enabled)
Guest (S-1-5-21-57989841-920026266-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-57989841-920026266-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-57989841-920026266-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.231-060221a1-030895C-ATI - )
Belarc Advisor 8.5c (HKLM\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
ContextConsole Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 2.1.0.1 - Kai Liu)
ConvertXtoDVD 4.1.19.365 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: 1.* - )
K-Lite Mega Codec Pack 11.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}) (Version: 3.5.30730 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Hidden
PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: - )
SiS 900 PCI Fast Ethernet Adapter Driver (HKLM\...\SiSLan) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\45.0.2433.0\delegate_execute.exe (IMALI - N.I. MEDIA LTD) <==== ATTENTION
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AimersoftUltimateFileOpreation] -> {8E1459F9-DF5B-42A1-9217-32EDD944778F} => C:\WINDOWS\system32\AI_ContextMenu.dll -> No File
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {F16DACB1-B8EC-48EB-BE62-4D2DDB27B5CE} => C:\WINDOWS\system32\AiCM32.dll -> No File
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files\Total Video Converter\TVCShellExt.dll [2010-07-29] ()
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => C:\WINDOWS\system32\WSCM32.dll -> No File
ContextMenuHandlers2: [CmdOpen Shell Extension] -> {693B08DA-DA1F-4f2b-A145-C06BDF01868A} => C:\WINDOWS\system32\ShellExt\CmdOpen.dll [2011-03-09] (code.kliu.org)
ContextMenuHandlers3: [HashCheck Shell Extension] -> {705977C7-86CB-4743-BFAF-6908BD19B7B0} => C:\WINDOWS\system32\ShellExt\HashCheck.dll [2009-07-03] (code.kliu.org)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [CmdOpen Shell Extension] -> {693B08DA-DA1F-4f2b-A145-C06BDF01868A} => C:\WINDOWS\system32\ShellExt\CmdOpen.dll [2011-03-09] (code.kliu.org)
ContextMenuHandlers5: [CmdOpen Shell Extension] -> {693B08DA-DA1F-4f2b-A145-C06BDF01868A} => C:\WINDOWS\system32\ShellExt\CmdOpen.dll [2011-03-09] (code.kliu.org)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d34f305bac198a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2008-04-14 04:00 - 2008-04-14 04:00 - 000015360 _____ () C:\WINDOWS\system32\tsd32.dll
2002-03-19 16:30 - 2002-03-19 16:30 - 000045632 _____ () C:\WINDOWS\system32\taskswitch.exe
2016-03-05 09:47 - 2015-04-28 16:22 - 001498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-03-05 09:47 - 2014-05-19 18:19 - 000137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-03-05 10:17 - 2014-10-31 17:42 - 001498112 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2016-03-05 10:17 - 2014-05-19 18:19 - 000137728 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-11-02 06:42 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 04:00 - 2016-03-22 09:57 - 000001373 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.sunbeltsoftware.com
127.0.0.1 http://www.sunbeltsoftware.com/keys/405/register/
127.0.0.1 http://www.sunbeltsoftware.com/keys/405/autoget/
127.0.0.1 http://www.sunbeltsoftware.com/keys/405/update/
0.0.0.0 www.sunbeltsoftware.com
0.0.0.0 www.sunbeltsoftware.com/keys/405/register/
0.0.0.0 www.sunbeltsoftware.com/keys/405/autoget/
0.0.0.0 www.sunbeltsoftware.com/keys/405/update/
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-57989841-920026266-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 8.8.8.8
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\chrome.exe] => Enabled:Internet Quick Access
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

26-10-2017 19:40:40 JRT Pre-Junkware Removal
26-10-2017 20:11:10 Installed Windows XP Wdf01009.
26-10-2017 21:04:36 Restore Operation
27-10-2017 11:31:20 Restore Operation
01-01-2004 01:02:19 System Checkpoint
01-10-2017 09:32:33 Restore Operation
29-10-2017 09:49:19 JRT Pre-Junkware Removal
31-10-2017 10:40:47 System Checkpoint
01-11-2017 12:09:33 System Checkpoint
02-11-2017 12:22:45 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2017 09:22:37 AM) (Source: Userenv) (EventID: 1511) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/01/2017 09:22:37 AM) (Source: Userenv) (EventID: 1515) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (10/01/2017 09:22:37 AM) (Source: Userenv) (EventID: 1502) (User: NT AUTHORITY)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (10/01/2017 09:19:07 AM) (Source: Userenv) (EventID: 1511) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/01/2017 09:19:07 AM) (Source: Userenv) (EventID: 1515) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (10/01/2017 09:19:07 AM) (Source: Userenv) (EventID: 1502) (User: NT AUTHORITY)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (10/01/2017 09:19:04 AM) (Source: Userenv) (EventID: 1511) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/01/2017 09:19:04 AM) (Source: Userenv) (EventID: 1515) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (10/01/2017 09:19:04 AM) (Source: Userenv) (EventID: 1502) (User: NT AUTHORITY)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (10/01/2017 01:06:49 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (11/01/2017 07:23:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/01/2017 07:23:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdPPM
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswSnx
aswSP
aswVmm
BANTExt
Fips
SASDIFSV
SASKUTIL

Error: (11/01/2017 07:21:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/01/2017 07:19:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/01/2017 07:19:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (11/01/2017 07:17:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/01/2017 07:17:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (11/01/2017 07:14:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/01/2017 07:14:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (11/01/2017 05:12:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Primary Color service failed to start due to the following error:
The system cannot find the path specified.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 Processor 3200+
Percentage of memory in use: 23%
Total physical RAM: 2047.48 MB
Available physical RAM: 1562.58 MB
Total Virtual: 3940.21 MB
Available Virtual: 3585.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.3 GB) (Free:108.13 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: ABACC689)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 58.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    5 KB
Fix result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Admin (02-11-2017 19:13:38) Run:1
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll => No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File
Handler: WSAMVCUchrome - No CLSID Value -
Handler: WSWSVCUchrome - No CLSID Value -
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\local-settings.js [2014-04-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-01-13] <==== ATTENTION
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S4 IntelIde; no ImagePath
S1 MpKsl6132a2fa; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B0EB168-2B9F-4B2D-A9ED-6D7166483E4B}\MpKsl6132a2fa.sys [X]
S3 SBFWIMCLMP; system32\DRIVERS\SBFWIM.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-05-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
2016-01-04 15:58 - 2016-01-04 15:58 - 000087608 _____ () C:\Documents and Settings\Admin\Application Data\inst.exe
2016-03-22 09:58 - 2016-03-22 09:58 - 000127488 _____ () C:\Documents and Settings\Admin\Application Data\Installer.dat
2016-01-04 15:58 - 2016-01-04 15:58 - 000007887 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2016-01-04 15:58 - 2016-01-04 15:58 - 000001144 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2016-01-04 15:58 - 2016-01-04 15:58 - 000000034 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.log
2016-01-04 15:58 - 2016-01-04 15:58 - 000047360 _____ (VSO Software) C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2016-01-04 15:59 - 2016-01-27 12:42 - 000001057 _____ () C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml
2010-11-18 11:27 - 2010-11-18 11:27 - 000587776 _____ (Igor Pavlov) C:\Documents and Settings\Admin\Local Settings\Temp\7za.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000071176 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\amazoncct.dll
2016-01-30 16:49 - 2016-01-30 16:49 - 000096288 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\cct.dll
2016-02-08 20:13 - 2016-02-08 20:13 - 014107008 _____ (Driver-Soft Inc. ) C:\Documents and Settings\Admin\Local Settings\Temp\DG_Setup_original.exe
2017-10-27 07:51 - 2016-01-29 20:21 - 000720384 _____ (Microsoft Corporation) C:\Documents and Settings\Admin\Local Settings\Temp\dllnt_dump.dll
2012-08-20 13:40 - 2012-08-20 13:40 - 002907752 _____ (Easeware ) C:\Documents and Settings\Admin\Local Settings\Temp\DriverEasy_Setup.exe
2016-03-25 07:52 - 2016-03-25 07:53 - 000616616 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Admin\Local Settings\Temp\F4.tmp.exe
2016-03-23 04:06 - 2016-03-23 04:06 - 000098414 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\io5.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000287120 _____ (Ask Partner Network) C:\Documents and Settings\Admin\Local Settings\Temp\JavaIC.dll
2016-01-30 16:49 - 2016-01-30 16:49 - 000331488 _____ (McAfee, Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\msscct32.dll
2017-10-26 19:51 - 2016-03-23 10:07 - 000099898 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\Uninstall.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000450328 _____ (Yahoo Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\YSearchUtil.dll
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\45.0.2433.0\delegate_execute.exe (IMALI - N.I. MEDIA LTD) <==== ATTENTION
ContextMenuHandlers1: [AimersoftUltimateFileOpreation] -> {8E1459F9-DF5B-42A1-9217-32EDD944778F} => C:\WINDOWS\system32\AI_ContextMenu.dll -> No File
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {F16DACB1-B8EC-48EB-BE62-4D2DDB27B5CE} => C:\WINDOWS\system32\AiCM32.dll -> No File
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => C:\WINDOWS\system32\WSCM32.dll -> No File
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [135]


*****************

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => key removed successfully.
HKLM\Software\Classes\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully.
HKLM\Software\Classes\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key removed successfully.
HKU\S-1-5-21-57989841-920026266-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully.
HKLM\Software\Classes\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\vipresg => key removed successfully.
HKLM\Software\Classes\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => key removed successfully.
HKLM\Software\Classes\PROTOCOLS\Handler\WSAMVCUchrome => key removed successfully.
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => key removed successfully.
C:\Program Files\mozilla firefox\defaults\pref\local-settings.js => moved successfully
C:\Program Files\mozilla firefox\firefox.cfg => moved successfully
HKLM\System\CurrentControlSet\Services\MozillaMaintenance => key removed successfully.
MozillaMaintenance => service removed successfully.
HKLM\System\CurrentControlSet\Services\anvsnddrv => key removed successfully.
anvsnddrv => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\MpKsl6132a2fa => key removed successfully.
MpKsl6132a2fa => service removed successfully.
HKLM\System\CurrentControlSet\Services\SBFWIMCLMP => key removed successfully.
SBFWIMCLMP => service removed successfully.
HKLM\System\CurrentControlSet\Services\Sdbus => key removed successfully.
Sdbus => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\Admin\Application Data\inst.exe => moved successfully
C:\Documents and Settings\Admin\Application Data\Installer.dat => moved successfully
C:\Documents and Settings\Admin\Application Data\pcouffin.cat => moved successfully
C:\Documents and Settings\Admin\Application Data\pcouffin.inf => moved successfully
C:\Documents and Settings\Admin\Application Data\pcouffin.log => moved successfully
C:\Documents and Settings\Admin\Application Data\pcouffin.sys => moved successfully
C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\7za.exe => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\amazoncct.dll => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\cct.dll => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\DG_Setup_original.exe => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\dllnt_dump.dll => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\DriverEasy_Setup.exe => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\F4.tmp.exe => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\io5.exe => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\JavaIC.dll => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\msscct32.dll => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\Uninstall.exe => moved successfully
C:\Documents and Settings\Admin\Local Settings\Temp\YSearchUtil.dll => moved successfully
HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3} => key removed successfully.
HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3} => key removed successfully.
HKU\S-1-5-21-57989841-920026266-1801674531-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160} => key removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AimersoftUltimateFileOpreation => key removed successfully.
HKLM\Software\Classes\CLSID\{8E1459F9-DF5B-42A1-9217-32EDD944778F} => key removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AimersoftVideoConverterFileOpreation => key removed successfully.
HKLM\Software\Classes\CLSID\{F16DACB1-B8EC-48EB-BE62-4D2DDB27B5CE} => key removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WondershareVideoConverterFileOpreation => key removed successfully.
HKLM\Software\Classes\CLSID\{55D63393-DB17-4A2B-9052-15D85B4B1344} => key removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully..


The system needed a reboot.

==== End of Fixlog 19:14:10 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.5
SUPERAntiSpyware
Adobe Flash Player 27.0.0.183
Mozilla Firefox (45.0.2)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast aswidsagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Admin (administrator) on 03-11-2017 at 04:22:45
Running from "C:\Documents and Settings\Admin\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(8)
0x0B00000005000000010000000200000003000000040000000D0000000900000007000000080000000C00000006000000
IpSec Tag value is correct.

**** End of log ****
 
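The "File Check" block of the Farbar Service Scanner log above verifies the digital signatures of the service and networking binaries (svchost.exe, tcpip.sys, afd.sys, wuauserv.dll and so on) that infections commonly patch to survive cleaning; in this thread every entry came back signed. As an added example that is not part of the thread or of the FSS tool, the Python below parses that block from an FSS-style log and flags any entry not reported as signed, so a helper can triage a pasted log quickly. The sample log is constructed, and the wording used for the unsigned entry is an assumption for illustration (the real tool's phrasing for that case may differ).

```python
"""Parse the 'File Check' section of a Farbar Service Scanner (FSS) log and
flag core service/network binaries that are not reported as digitally signed.

Added example, not code from the thread or from the FSS tool. The sample log
is constructed; the 'NOT digitally signed' wording is an assumed placeholder.
"""

SIGNED_STATUS = "File is digitally signed"


def parse_file_check(log_text):
    """Return {path: True/False} for every entry in the 'File Check:' block.

    True means FSS reported the file as digitally signed; anything else
    (missing, patched, or otherwise unsigned) is False.
    """
    results = {}
    in_section = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped == "File Check:":
            in_section = True
            continue
        if not in_section:
            continue
        # Skip the '=====' underline and blank lines inside the block.
        if not stripped or stripped.startswith("="):
            continue
        # The block ends at the next header (e.g. 'Extra List:'), which has no '=>'.
        if "=>" not in stripped:
            break
        path, _, status = stripped.partition("=>")
        # Duplicate entries (FSS lists WMIsvc.dll twice) simply overwrite.
        results[path.strip()] = status.strip() == SIGNED_STATUS
    return results


def unsigned_files(log_text):
    """Sorted list of paths whose status was anything other than 'signed'."""
    return sorted(p for p, ok in parse_file_check(log_text).items() if not ok)


# Constructed sample in FSS layout; the svchost.exe line is the assumed
# unsigned case, not real output from the tool.
SAMPLE_LOG = r"""Farbar Service Scanner Version: 27-01-2016
Microsoft Windows XP Professional Service Pack 3 (X86)

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is NOT digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(8)

**** End of log ****
"""


if __name__ == "__main__":
    checked = parse_file_check(SAMPLE_LOG)
    flagged = unsigned_files(SAMPLE_LOG)
    print(f"{len(checked)} files checked, {len(flagged)} flagged")
    for path in flagged:
        print("  NOT signed:", path)
```

A flagged entry is a lead, not a verdict: legitimate hotfixes occasionally ship unsigned files on older systems, so the helper's next step is to compare the file's hash and version against a known-good copy before replacing it.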
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 