Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017 (ATTENTION: ====> FRST version is 304 days old and could be outdated)
Ran by Admin (administrator) on WINXPBE-152403 (01-11-2017 16:13:28)
Running from E:\
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\chrome.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\WINDOWS\system32\TaskSwitch.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Olof Lagerkvist) C:\WINDOWS\system32\imdsksvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2066432 2014-10-31] (AimerSoft)
HKLM\...\Run: [upgmsd_us_009010275.exe] => C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_us_009010275\upgmsd_us_009010275.exe -runhelper
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-26] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21] (ATI Technologies Inc.)
Winlogon\Notify\RailNotification: C:\WINDOWS\system32\winlogonnotification.dll [2009-08-19] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-19\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-20\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-10-17] (SUPERAntiSpyware)
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [MaxRecentDocs] 18
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-57989841-920026266-1801674531-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-57989841-920026266-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmyst.scr [18944 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-18\...\RunOnce: [UP.1st_UserStart] => rundll32.exe advpack.dll,LaunchINFSection WINXPUP.inf,1st_UserStart
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs [2014-05-23] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2015-12-27]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{5A1324A4-25A4-4F90-B459-3EA54DF91DDC}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-57989841-920026266-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtDtCyC0C0AtAtDtAtB0FyDtC0BtBtN0D0Tzu0StCyDyEtBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0CyDtDyB0E0BtGtD0D0C0CtG0DyByDyBtGtB0AzztAtG0A0F0BzytDyE0F0AtCyEzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0B0B0EyB0EzyyEtG0D0B0CzztGyE0FyC0DtGzzyByC0DtGyE0EyE0C0EtBtC0AtDtDyDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D2113460999%26a%3Dwncy_nwmeddnld_16_12%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {66C68655-D58D-409E-846F-296E7366BAA4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtDtCyC0C0AtAtDtAtB0FyDtC0BtBtN0D0Tzu0StCyDyEtBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0CyDtDyB0E0BtGtD0D0C0CtG0DyByDyBtGtB0AzztAtG0A0F0BzytDyE0F0AtCyEzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0B0B0EyB0EzyyEtG0D0B0CzztGyE0FyC0DtGzzyByC0DtGyE0EyE0C0EtBtC0AtDtDyDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D2113460999%26a%3Dwncy_nwmeddnld_16_12%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> DefaultScope {66C68655-D58D-409E-846F-296E7366BAA4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtDtCyC0C0AtAtDtAtB0FyDtC0BtBtN0D0Tzu0StCyDyEtBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0CyDtDyB0E0BtGtD0D0C0CtG0DyByDyBtGtB0AzztAtG0A0F0BzytDyE0F0AtCyEzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0B0B0EyB0EzyyEtG0D0B0CzztGyE0FyC0DtGzzyByC0DtGyE0EyE0C0EtBtC0AtDtDyDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D2113460999%26a%3Dwncy_nwmeddnld_16_12%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a2a82eab&q={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {66C68655-D58D-409E-846F-296E7366BAA4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtDtCyC0C0AtAtDtAtB0FyDtC0BtBtN0D0Tzu0StCyDyEtBtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0CyDtDyB0E0BtGtD0D0C0CtG0DyByDyBtGtB0AzztAtG0A0F0BzytDyE0F0AtCyEzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0B0B0EyB0EzyyEtG0D0B0CzztGyE0FyC0DtGzzyByC0DtGyE0EyE0C0EtBtC0AtDtDyDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D2113460999%26a%3Dwncy_nwmeddnld_16_12%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {D671275A-5E31-42B8-924E-2DDF8CC2EADB} URL = hxxps://duckduckgo.com/?q={searchTerms}&kp=-1
SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll => No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File
Handler: WSAMVCUchrome - No CLSID Value -
Handler: WSWSVCUchrome - No CLSID Value -
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: enbf972l.default
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\enbf972l.default [2017-11-01]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\enbf972l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-27] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-11-12] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\local-settings.js [2014-04-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-01-13] <==== ATTENTION
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.kiro7.com/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-11-01]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-01]
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-57989841-920026266-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-57989841-920026266-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-01] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-10-26] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-26] (AVAST Software)
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [16480 2014-12-17] (Olof Lagerkvist)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 nplus; "C:\Program Files\nplus\nplus.exe" /s iid=5770116 did=APSFInsTerra sid=6 ref=f57bfc41-b3d3-3899-dfd0-54ac0c1eaede-PolicyMac id=5ef55db1617f2a8984dcddfad9c22d08b9e4e8d1d97dd530a99618882851d09d [X]
S2 Update Primary Color; "C:\Program Files\Primary Color\updatePrimaryColor.exe" [X]
S2 Util Primary Color; "C:\Program Files\Primary Color\bin\utilPrimaryColor.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255624 2017-10-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157416 2017-10-26] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276736 2017-10-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50384 2017-10-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42856 2017-10-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [124952 2017-10-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [70112 2017-10-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70864 2017-10-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [783648 2017-10-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [499560 2017-10-26] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [203848 2017-10-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [297840 2017-10-26] (AVAST Software)
R2 AWEAlloc; C:\WINDOWS\System32\DRIVERS\awealloc.sys [17976 2014-12-17] (Olof Lagerkvist)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2015-11-19] () [File not signed]
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2009-08-18] (Microsoft Corporation)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2007-04-26] (Conexant Systems, Inc.)
R2 ImDisk; C:\WINDOWS\System32\DRIVERS\imdisk.sys [36928 2014-12-17] (Olof Lagerkvist)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2016-01-04] (VSO Software) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SiS7018; C:\WINDOWS\System32\drivers\ac97sis.sys [297728 2001-08-17] (Silicon Integrated Systems Corp.)
R0 siside; C:\WINDOWS\System32\DRIVERS\siside.sys [4096 2003-03-25] (Silicon Integrated Systems Corp.)
R3 SISNICXP; C:\WINDOWS\System32\DRIVERS\sisnicxp.sys [32768 2006-02-14] (SiS Corporation)
S0 SISRAID; C:\WINDOWS\system32\Drivers\SISRAID.sys [48128 2015-03-20] (Silicon Integrated Systems) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2015-10-13] (Microsoft Corporation)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S4 IntelIde; no ImagePath
S1 MpKsl6132a2fa; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B0EB168-2B9F-4B2D-A9ED-6D7166483E4B}\MpKsl6132a2fa.sys [X]
S3 SBFWIMCLMP; system32\DRIVERS\SBFWIM.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-05-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-01 16:12 - 2017-11-01 16:13 - 000000000 ____D C:\FRST
2017-11-01 15:21 - 2017-11-01 15:21 - 020731904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2017-11-01 15:21 - 2017-11-01 15:21 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-11-01 12:13 - 2017-11-01 12:14 - 498071552 _____ C:\Documents and Settings\Admin\Desktop\w2k3sp2_3959_usa_x64fre_spcd.iso
2017-10-29 18:53 - 2017-10-29 18:53 - 000008192 _____ C:\WINDOWS\REGLOCS.OLD
2017-10-29 10:22 - 2017-10-29 10:22 - 000000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2017-10-29 09:43 - 2017-10-29 09:43 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2017-10-29 09:43 - 2017-10-29 09:43 - 000000000 ____D C:\Program Files\Speccy
2017-10-29 09:43 - 2017-10-29 09:43 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2017-10-27 11:37 - 2004-01-01 00:00 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\ESET
2017-10-27 11:36 - 2017-10-27 11:36 - 006754944 _____ (ESET spol. s r.o.) C:\Documents and Settings\Admin\Desktop\esetonlinescanner_enu.exe
2017-10-27 11:31 - 2017-10-27 11:31 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB3Migration
2017-10-27 11:30 - 2017-10-27 11:30 - 000000000 ____D C:\WINDOWS\pss
2017-10-27 10:43 - 2017-10-27 10:43 - 000028355 _____ C:\WINDOWS\Minidump\Mini102717-02.zip
2017-10-27 10:37 - 2017-10-27 10:37 - 000090112 _____ C:\WINDOWS\Minidump\Mini102717-02.dmp
2017-10-27 10:35 - 2017-10-27 10:43 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-27 10:35 - 2017-10-27 10:35 - 000090112 _____ C:\WINDOWS\Minidump\Mini102717-01.dmp
2017-10-27 09:20 - 2017-11-01 14:34 - 000000280 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-10-27 09:20 - 2017-10-27 09:20 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-10-27 09:20 - 2017-10-27 09:20 - 000000000 ____D C:\Program Files\CCleaner
2017-10-27 09:20 - 2017-10-27 09:20 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2017-10-27 08:51 - 2017-10-27 08:51 - 000000000 __SHD C:\WINDOWS\CSC
2017-10-27 08:26 - 2017-10-27 08:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-10-27 07:51 - 2017-11-01 11:17 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-27 07:51 - 2017-10-27 08:07 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-10-27 07:50 - 2017-10-27 07:50 - 000000718 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
2017-10-27 07:50 - 2017-10-27 07:50 - 000000000 ____D C:\Program Files\RogueKiller
2017-10-27 07:50 - 2017-10-27 07:50 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2017-10-27 07:39 - 2017-10-27 07:39 - 000001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2017-10-27 07:32 - 2017-11-01 15:37 - 000000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-27 07:32 - 2017-11-01 14:34 - 000000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d34f305bac198a.job
2017-10-27 07:32 - 2017-11-01 14:34 - 000000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-26 21:01 - 2017-10-26 21:01 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Temp
2017-10-26 20:39 - 2017-10-26 20:40 - 000000000 ____T C:\WINDOWS\system32\mfs11.tmp
2017-10-26 20:39 - 2017-10-26 20:39 - 000000000 ____T C:\WINDOWS\system32\mfs10.tmp
2017-10-26 20:37 - 2017-10-27 08:26 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-26 20:25 - 2017-10-26 20:25 - 000000000 ____D C:\Program Files\GUM4.tmp
2017-10-26 20:12 - 2017-10-26 20:12 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\CEF
2017-10-26 20:12 - 2017-10-26 20:12 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\AVAST Software
2017-10-26 20:11 - 2017-10-26 20:11 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2017-10-26 20:11 - 2017-10-26 20:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2017-10-26 20:11 - 2008-11-07 18:55 - 000016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2017-10-26 20:10 - 2017-11-01 14:34 - 000000356 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-10-26 20:10 - 2017-10-26 20:10 - 000921280 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2017-10-26 20:10 - 2017-10-26 20:10 - 000783648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000499560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000304816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-26 20:10 - 2017-10-26 20:10 - 000297840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000276736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000255624 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000203848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000157416 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000124952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000070864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000070112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000050384 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-10-26 20:10 - 2017-10-26 20:10 - 000042856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-26 20:09 - 2017-10-26 20:09 - 000000000 ____D C:\Program Files\AVAST Software
2017-10-26 20:08 - 2017-10-26 21:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-10-26 20:08 - 2017-10-26 20:08 - 000000039 _____ C:\Documents and Settings\Admin\Desktop\Stats.ini
2017-10-26 19:42 - 2017-11-01 11:15 - 000000000 ____D C:\Program Files\SpywareBlaster
2017-10-26 19:42 - 2017-11-01 11:15 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2017-10-26 19:42 - 2017-10-26 19:42 - 000000754 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2017-10-26 19:42 - 2017-10-26 19:42 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2017-10-26 19:36 - 2017-10-26 19:36 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Admin\Desktop\JRT.exe
2017-10-26 19:15 - 2017-10-26 19:15 - 000001767 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2017-10-26 19:15 - 2017-10-26 19:15 - 000001761 _____ C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2017-10-26 19:15 - 2017-10-26 19:15 - 000000000 ____D C:\Program Files\Belarc
2017-10-26 19:15 - 2015-11-19 16:04 - 000003840 _____ C:\WINDOWS\system32\Drivers\BANTExt.sys
2017-10-26 18:55 - 2017-10-26 18:55 - 000000000 _____ C:\Documents and Settings\Admin\Desktop\TempWmicBatchFile.bat
2017-10-26 18:54 - 2017-10-26 18:54 - 000000000 ____D C:\SUPERDelete
2017-10-26 18:53 - 2017-10-26 18:53 - 000001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-10-26 18:53 - 2017-10-26 18:53 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2017-10-26 18:53 - 2017-10-26 18:53 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2017-10-26 18:52 - 2017-10-26 18:53 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-26 18:52 - 2017-10-26 18:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-01 16:13 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Temp
2017-11-01 15:21 - 2015-12-27 16:19 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-01 15:21 - 2015-12-27 16:19 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-11-01 15:21 - 2015-12-27 16:19 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-01 15:21 - 2015-12-27 16:19 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-01 14:38 - 2015-12-27 08:08 - 000629834 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-01 14:34 - 2015-12-27 14:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-01 12:15 - 2015-12-27 14:16 - 000032564 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-01 12:15 - 2015-12-27 14:16 - 000000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2017-11-01 12:15 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\Admin
2017-11-01 10:45 - 2008-04-14 04:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-27 10:19 - 2015-12-27 07:59 - 000000000 ____D C:\WINDOWS\security
2017-10-27 09:21 - 2016-01-04 15:58 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\Vso
2017-10-27 09:21 - 2015-12-29 19:52 - 000000000 ____D C:\Documents and Settings\Admin\Application Data\MPC-HC
2017-10-27 07:39 - 2016-03-22 11:45 - 000001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-10-27 07:39 - 2016-03-22 10:01 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Google
2017-10-27 07:37 - 2016-03-22 11:57 - 000000000 ____D C:\Program Files\Google
2017-10-27 06:13 - 2016-04-14 04:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-27 05:47 - 2016-04-12 22:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\32844c97
2017-10-26 20:28 - 2015-12-27 14:16 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-10-26 20:21 - 2016-04-05 10:47 - 000000000 ____D C:\WINDOWS\system32\SSL
2017-10-26 20:18 - 2015-12-27 16:33 - 000000000 ____D C:\Program Files\Unlocker
2017-10-26 20:17 - 2015-12-27 16:20 - 000000000 ____D C:\Program Files\7-Zip
2017-10-26 20:17 - 2015-12-27 16:20 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2017-10-26 20:11 - 2015-12-27 07:59 - 000000000 ____D C:\WINDOWS\inf
2017-10-26 19:52 - 2016-02-28 17:39 - 000000000 ____D C:\Program Files\Total Video Converter
2017-10-26 19:32 - 2015-12-27 18:13 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe
2017-10-26 19:27 - 2016-04-05 10:47 - 000000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1459878442---
2017-10-26 19:27 - 2016-03-23 10:08 - 000000000 ____D C:\Program Files\Qataleocri
2017-10-26 19:27 - 2016-03-22 22:07 - 000000000 ____D C:\Program Files\Racxoaksakw
2017-10-26 19:27 - 2015-12-29 19:12 - 000152886 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-10-26 19:27 - 2015-12-27 16:58 - 000393216 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
==================== Files in the root of some directories =======
2016-01-04 15:58 - 2016-01-04 15:58 - 000087608 _____ () C:\Documents and Settings\Admin\Application Data\inst.exe
2016-03-22 09:58 - 2016-03-22 09:58 - 000127488 _____ () C:\Documents and Settings\Admin\Application Data\Installer.dat
2016-01-04 15:58 - 2016-01-04 15:58 - 000007887 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2016-01-04 15:58 - 2016-01-04 15:58 - 000001144 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2016-01-04 15:58 - 2016-01-04 15:58 - 000000034 _____ () C:\Documents and Settings\Admin\Application Data\pcouffin.log
2016-01-04 15:58 - 2016-01-04 15:58 - 000047360 _____ (VSO Software) C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2016-01-04 15:59 - 2016-01-27 12:42 - 000001057 _____ () C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml
Some files in TEMP:
====================
2010-11-18 11:27 - 2010-11-18 11:27 - 000587776 _____ (Igor Pavlov) C:\Documents and Settings\Admin\Local Settings\Temp\7za.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000071176 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\amazoncct.dll
2016-01-30 16:49 - 2016-01-30 16:49 - 000096288 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\cct.dll
2016-02-08 20:13 - 2016-02-08 20:13 - 014107008 _____ (Driver-Soft Inc. ) C:\Documents and Settings\Admin\Local Settings\Temp\DG_Setup_original.exe
2017-10-27 07:51 - 2016-01-29 20:21 - 000720384 _____ (Microsoft Corporation) C:\Documents and Settings\Admin\Local Settings\Temp\dllnt_dump.dll
2012-08-20 13:40 - 2012-08-20 13:40 - 002907752 _____ (Easeware ) C:\Documents and Settings\Admin\Local Settings\Temp\DriverEasy_Setup.exe
2016-03-25 07:52 - 2016-03-25 07:53 - 000616616 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Admin\Local Settings\Temp\F4.tmp.exe
2016-03-23 04:06 - 2016-03-23 04:06 - 000098414 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\io5.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000287120 _____ (Ask Partner Network) C:\Documents and Settings\Admin\Local Settings\Temp\JavaIC.dll
2016-01-30 16:49 - 2016-01-30 16:49 - 000331488 _____ (McAfee, Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\msscct32.dll
2017-10-26 19:51 - 2016-03-23 10:07 - 000099898 _____ () C:\Documents and Settings\Admin\Local Settings\Temp\Uninstall.exe
2016-01-30 16:49 - 2016-01-30 16:49 - 000450328 _____ (Yahoo Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\YSearchUtil.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
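A log like the one above is read line by line by a malware-removal helper, and most of the first-pass work is mechanical. The script below is an added example, not part of this FRST.txt and not FRST's own code: it runs the checks a helper does first over lines copied from this log. It flags a static NameServer that is public and was not handed out by DHCP (the 82.163.142.7 / 95.211.158.134 pair against the DHCP-assigned 192.168.1.1), Run entries whose target sits in a user-writable profile directory (the gmsd_us_009010275 entry), auto-start services whose file FRST could not find ([X]), browser search providers on hosts outside a small allowlist (srch.bar) or Yahoo hosted-search URLs carrying a partner id (hspart=iry), scripts in the Startup folder, and FRST's own "<==== ATTENTION" marks. The rule names, the allowlist of search hosts and the user-writable path pattern are assumptions; the one Yahoo SearchScopes sample line is a constructed abbreviation of the log's 600-character entry, keeping only the parameters the rule looks at.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example: not part of the log above and not FRST's own code. The rules are
assumptions about what a malware-removal helper reads first; a hit marks a line
for human review, it does not prove anything is malicious.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist: search-provider hosts a helper would accept as-is.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "duckduckgo.com",
                      "search.yahoo.com", "us.search.yahoo.com"}

# Profile directories any process running as the logged-on user can write to (XP layout).
USER_WRITABLE = re.compile(
    r"C:\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data\\",
    re.IGNORECASE)
RUN_KEY = re.compile(r"^HK(?:LM|U\\S-[\d-]+)\\\.\.\.\\Run(?:Once)?: \[[^\]]*\] => (.+)$")
SERVICE = re.compile(r"^([RSU])([0-5]) [^;]+; (.+)$")   # e.g. 'S2 nplus; "path" [X]'
SEARCH_URL = re.compile(r"(?:URL = |-> )(hxxps?://\S+)")
TCPIP = re.compile(r"^Tcpip\\.*\[(DhcpNameServer|NameServer)\] (.+)$")
STARTUP_SCRIPT = re.compile(r"^Startup: .*\.(?:vbs|js|jse|wsf|bat|cmd) \[", re.IGNORECASE)


def refang(url):
    """FRST prints URLs as hxxp/hxxps so they are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url)


def is_public_ip(text):
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(lines):
    """Return (rule, line) pairs that deserve a second look."""
    findings, dhcp_dns, static_dns = [], set(), []
    for line in lines:
        line = line.rstrip()
        if "<==== ATTENTION" in line:            # FRST's own flag; always surface it
            findings.append(("frst-attention", line))
            continue
        m = TCPIP.match(line)
        if m:
            servers = m.group(2).split()
            if m.group(1) == "DhcpNameServer":
                dhcp_dns.update(servers)
            else:
                static_dns.append((line, servers))
            continue
        m = RUN_KEY.match(line)
        if m and USER_WRITABLE.search(m.group(1)):
            findings.append(("autorun-from-profile-dir", line))
            continue
        m = SERVICE.match(line)
        # Start type 0-2 = boot/system/auto; "[X]" = FRST could not find the file.
        if m and m.group(2) in {"0", "1", "2"} and m.group(3).endswith("[X]"):
            findings.append(("autostart-service-file-missing", line))
            continue
        if line.startswith(("SearchScopes:", "CHR Default")):
            m = SEARCH_URL.search(line)
            if m:
                parts = urlsplit(refang(m.group(1)))
                if parts.netloc.lower() not in KNOWN_SEARCH_HOSTS:
                    findings.append(("search-provider-unknown-host", line))
                elif "/yhs/" in parts.path and "hspart" in parse_qs(parts.query):
                    # Yahoo hosted search with a partner id: bundled-installer territory.
                    findings.append(("search-provider-partner-feed", line))
            continue
        if STARTUP_SCRIPT.match(line):
            findings.append(("startup-folder-script", line))
    # A static resolver that is public and was not handed out by DHCP is the
    # classic footprint of a DNS changer; the DHCP line tells us what "normal" is.
    for line, servers in static_dns:
        if any(s not in dhcp_dns and is_public_ip(s) for s in servers):
            findings.append(("static-dns-not-from-dhcp", line))
    return findings


SAMPLE_LINES = [
    # Copied from the FRST.txt above, except the Yahoo scope (see below).
    r"HKLM\...\Run: [upgmsd_us_009010275.exe] => C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_us_009010275\upgmsd_us_009010275.exe -runhelper",
    r"HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-26] (AVAST Software)",
    r"Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs [2014-05-23] ()",
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.1.1",
    r"Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134",
    # Constructed: the log's Yahoo scope with its long cd= blob removed.
    r"SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> DefaultScope {66C68655-D58D-409E-846F-296E7366BAA4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&p={searchTerms}",
    r"SearchScopes: HKU\S-1-5-21-57989841-920026266-1801674531-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a2a82eab&q={searchTerms}",
    r"FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-01-13] <==== ATTENTION",
    r"CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}",
    r'S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]',
    r'S2 Update Primary Color; "C:\Program Files\Primary Color\updatePrimaryColor.exe" [X]',
    r'S2 Util Primary Color; "C:\Program Files\Primary Color\bin\utilPrimaryColor.exe" [X]',
]

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LINES):
        print(f"{rule:32} {line[:90]}")
```

Run it against a full FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`. Lines that FRST already marks with "(No File)" or "=> No File", such as the VIPRE BHO and toolbar above, are left to FRST's own output; the point of the DHCP comparison is that a DNS changer survives reboots while the DHCP-assigned value shows what the network actually offers, so the two lines must be read together rather than judging the NameServer addresses on their own.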