# Still infected?



## Pearguy (May 14, 2011)

Hi Guys

A few weeks ago I returned home from a hospital stay to find my pc was playing up and I'm sure it had become infected.
The first sign of this was a centre-screen message box advising me that "ave.guard.exe has encountered a problem and needs to close..", or words to that effect. 
The message was almost impossible to dismiss and though I managed to get rid of it eventually it soon reappeared and I felt sure something was wrong.
Other symptoms were searches re-directed, programmes closing or suddenly failing to respond and malware tools failing to scan or download. The machine was noisy and slow and plagued with what I'm sure were fake update reminders.
In addition to XP I also have Linux Mint loaded on the same PC and, despite the alleged Linux invulnerability, it too seemed to be affected. Reading online suggested that this might indicate a rootkit so I tried to download Kaspersky's TDSSKiller but without success; I feel sure the virus was preventing it.
But I did manage to download the program from a clean pc to a stick and it seemed to run ok the first time, although it was very quick. Results showed no sign of infection but the symptoms continued and I wonder if the virus could have faked the scan. Repeated attempts to scan again all failed.
I didn't use my pc much after that for a few weeks but I did run some other clean-up programs including AdwCleaner and Comodo; there were no 'positives' but I'm not convinced. 
As I type this my machine seems to be symptom-free and running fine but I can't yet trust it with sensitive information such as bank details.

Needless to say I should be very grateful for any help. Thanks in advance.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 2039 Mb
Graphics Card: Intel(R) 82865G Graphics Controller, 96 Mb
Hard Drives: C: Total - 24998 MB, Free - 6153 MB; D: Total - 61752 MB, Free - 51136 MB;
Motherboard: Hewlett-Packard, 085Ch
Antivirus: Avira Antivirus, Updated: Yes, On-Demand Scanner: Enabled


----------



## kevinf80 (Mar 21, 2006)

Hello and welcome to TSG,

My screen name is kevinf80; either that or Kevin is good for replies. OK, let's continue:

Change the download folder setting in the default browser so all tools we may use are saved to the Desktop:

*Google Chrome* - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

*Mozilla Firefox* - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

*Internet Explorer* - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.


- On the *Settings* tab > *Detection and Protection* sub tab, *Detection Options*, tick the box *"Scan for rootkits"*.
- Under the *Non-Malware Protection* sub tab, change the *PUP* and *PUM* entries to *Treat detections as Malware*.
- Click on the *Scan* tab, then click on *Scan Now >>*. If an update is available, click the *Update Now* button.
- A Threat Scan will begin.
- With some infections, you may or may not see this message box: *'Could not load DDA driver'*
- Click 'Yes' to this message, to allow the driver to load after a restart.
- Allow the computer to restart. Continue with the rest of these instructions.
- When the scan is complete, click *Apply Actions*.
- *Wait for the prompt to restart the computer to appear*, then click on *Yes*.
- After the restart, once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:


- Click on the *History* tab > *Application* Logs.
- Double click on the scan log which shows the date and time of the scan just performed.
- Click *Export* > From export you have three options:
  - *Copy to Clipboard* - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
  - *Text file (\*.txt)* - if selected, you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  - *XML file (\*.xml)* - if selected, you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
- Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply.

If Malwarebytes is not installed follow these instructions first:

Download *Malwarebytes Anti-Malware* to your desktop.

Double-click *mbam-setup* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
 *Launch Malwarebytes Anti-Malware*
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click *Finish*. Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...


Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.

Next,

Please download *RogueKiller* and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select *Run as Administrator* to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click *Scan* to scan the system.
When the scan completes select "Report", log will open. Close the program > *Don't Fix anything!*
Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Let me see those logs in your reply....

Thank you,

Kevin.....


----------



## Pearguy (May 14, 2011)

Hello Kevin

Thank you for the quick reply. I'm having problems with Malwarebytes; I shall try again to run it later this evening and will get back to you asap.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update. If Malwarebytes causes issues for you, just miss that step out and continue...

Cheers,

Kevin...


----------



## Pearguy (May 14, 2011)

Ok, I think the Malwarebytes scan was successfully completed:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/07/2015
Scan Time: 22:25:44
Logfile: MBAM 2nd Scan.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.02.04
Rootkit Database: v2015.07.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: simon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309984
Time Elapsed: 1 hr, 18 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [a755db0169218aac14819afd3fc62bd5],

Registry Values: 1
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [a755db0169218aac14819afd3fc62bd5]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

FRST and RogueKiller results to follow


----------
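
As an added example (not part of the original thread and not Malwarebytes code), here is a small Python check a helper could run over a pasted Malwarebytes 2.x text log like the one above. It confirms the scan completed with the rootkit, PUP and PUM options the instructions asked for, and that each section's declared count matches the entries actually pasted. The field and section names are taken from the log posted in this thread; the embedded sample log and its `[constructed-id]` values are constructed.

```python
import re

# Section headers as they appear in the log posted in this thread.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)\s*$" % "|".join(SECTIONS))
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z -]*): (.+)$")

# Settings the helper's instructions expect to see in the finished log.
REQUIRED = {"Result": "Completed", "Rootkits": "Enabled",
            "PUP": "Enabled", "PUM": "Enabled"}

# Constructed sample in the same layout as the posted log (raw string:
# registry paths contain backslashes).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1000

Memory: Enabled
Rootkits: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [constructed-id],

Registry Values: 1
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [constructed-id]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
"""


def parse_mbam_log(text):
    """Return (settings, declared_counts, detections) from a pasted log."""
    settings, declared, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = SECTION_RE.match(line)
        if m:                                  # e.g. "Registry Keys: 1"
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        if section is None:                    # header area: "Key: Value"
            m = FIELD_RE.match(line)
            if m:
                settings[m.group(1)] = m.group(2).strip()
            continue
        if line.startswith("(No malicious items"):
            continue
        # Detection line: name, location, then further comma-separated fields.
        # Assumes name and location contain no commas.
        fields = [f.strip() for f in line.split(",")]
        detections.append({"section": section, "name": fields[0],
                           "location": fields[1] if len(fields) > 1 else ""})
    return settings, declared, detections


def review(text):
    """Return (issues, detections); an empty issues list means the log is
    complete and was produced with the requested scan options."""
    settings, declared, detections = parse_mbam_log(text)
    issues = []
    for key, want in REQUIRED.items():
        got = settings.get(key)
        if got != want:
            issues.append("%s is %r, expected %r" % (key, got, want))
    for section in SECTIONS:
        if section not in declared:
            issues.append("section %r missing (truncated paste?)" % section)
            continue
        found = sum(1 for d in detections if d["section"] == section)
        if found != declared[section]:
            issues.append("%s declares %d entries but %d pasted"
                          % (section, declared[section], found))
    return issues, detections


if __name__ == "__main__":
    problems, hits = review(SAMPLE_LOG)
    for p in problems:
        print("ISSUE:", p)
    for h in hits:
        print("%-16s %s -> %s" % (h["section"], h["name"], h["location"]))
```
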



## Pearguy (May 14, 2011)

The FRST scan log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by simon (administrator) on SIMON1 on 03-07-2015 00:00:39
Running from C:\Documents and Settings\simon\Desktop
Loaded Profiles: simon & (Available Profiles: simon)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Documents and Settings\All Users\Application Data\Avira\Antivirus\TEMP\SELFUPDATE\update.exe
(Avira Operations GmbH & Co. KG) C:\Documents and Settings\All Users\Application Data\Avira\Antivirus\TEMP\SELFUPDATE\updrgui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) D:\My Pictures\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\My Pictures\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-05-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2015-02-13] (RealNetworks, Inc.)
HKU\S-1-5-21-1844237615-1004336348-682003330-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1004336348-682003330-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1844237615-1004336348-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1844237615-1004336348-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CCC7B461-3930-420F-B802-12A9EBE7673D}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531
FF DefaultSearchEngine: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-27] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [2013-07-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2015-02-13] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-02-13] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-27] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2015-02-13] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2015-02-13] (RealPlayer)
FF Extension: Ghostery - C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\Extensions\[email protected] [2015-02-13]
FF Extension: DuckDuckGo Plus - C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\Extensions\[email protected] [2015-02-13]
FF Extension: Turn Off the Lights - C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\Extensions\[email protected] [2014-12-09]
FF Extension: 1-Click YouTube Video Downloader - C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\Extensions\[email protected] [2015-02-16]
FF Extension: NoScript - C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-14]
FF Extension: Video DownloadHelper - C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-22]
FF Extension: Adblock Plus - C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll No File
CHR Profile: C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20]
CHR Extension: (Please enter your password) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-12-21]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-01-13]
CHR Extension: (Video Downloader professional) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-02-18]
CHR Extension: (AdBlock) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-21]
CHR Extension: (RealDownloader) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-02-13]
CHR Extension: (Emoji Input) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2014-12-21]
CHR Extension: (Ghostery) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-01-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-05-04] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; D:\My Pictures\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; D:\My Pictures\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-08-14] (Adaptec)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [105864 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-02] (Malwarebytes Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-03 00:00 - 2015-07-03 00:01 - 00019913 _____ C:\Documents and Settings\simon\Desktop\FRST.txt
2015-07-02 23:58 - 2015-07-02 23:59 - 00415232 _____ (Farbar) C:\Documents and Settings\simon\Desktop\FSS.exe
2015-07-02 23:57 - 2015-07-02 23:57 - 01636352 _____ (Farbar) C:\Documents and Settings\simon\Desktop\FRST.exe
2015-07-02 18:19 - 2015-07-02 18:19 - 00001281 _____ C:\Documents and Settings\simon\My Documents\MBAM 1st Scan.txt
2015-07-02 17:53 - 2015-07-02 17:53 - 00001607 _____ C:\WINDOWS\setupapi.log
2015-07-02 17:25 - 2015-07-02 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware Mk2
2015-07-02 17:17 - 2015-07-02 17:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Documents and Settings\simon\Desktop\mbam-setup-2.1.8.1057.exe
2015-06-23 16:44 - 2015-06-23 23:30 - 00000000 ____D C:\Documents and Settings\simon\Desktop\CCE
2015-06-18 21:01 - 2015-06-18 21:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-03 00:01 - 2014-01-21 07:47 - 00000000 ____D C:\Documents and Settings\simon\Local Settings\Temp
2015-07-03 00:00 - 2015-05-06 01:28 - 00000000 ____D C:\FRST
2015-07-02 23:56 - 2014-11-09 11:04 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-02 23:48 - 2014-12-20 22:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-02 23:46 - 2014-07-01 16:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-02 22:18 - 2014-02-15 12:46 - 00000000 ____D C:\Documents and Settings\simon\My Documents\Notepad Notes
2015-07-02 18:32 - 2014-01-21 08:15 - 01152940 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-02 17:25 - 2015-05-05 21:13 - 00000657 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 16:48 - 2014-12-20 22:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 09:46 - 2014-01-21 07:46 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-27 16:54 - 2014-12-20 22:52 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-27 16:46 - 2014-01-31 12:40 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-27 16:46 - 2014-01-31 12:40 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-23 23:30 - 2015-05-04 16:07 - 00000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
2015-06-23 23:30 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-23 23:29 - 2015-02-13 18:32 - 00000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
2015-06-23 23:25 - 2015-02-13 23:07 - 00000300 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
2015-06-23 23:25 - 2014-03-12 22:05 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-23 23:25 - 2014-01-21 07:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-23 23:25 - 2014-01-21 07:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-23 23:25 - 2014-01-21 07:34 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-23 23:22 - 2014-01-21 07:47 - 00000178 ___SH C:\Documents and Settings\simon\ntuser.ini
2015-06-23 23:22 - 2014-01-21 07:47 - 00000000 ____D C:\Documents and Settings\simon
2015-06-23 22:07 - 2015-02-13 23:07 - 00000326 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
2015-06-23 17:32 - 2015-02-06 23:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-18 08:41 - 2014-11-09 11:04 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-11-09 11:04 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-11 03:07 - 2014-02-13 13:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 03:00 - 2014-01-21 08:31 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 23:16 - 2015-02-13 23:07 - 00000308 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
2015-06-09 15:03 - 2014-03-12 22:05 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2014-01-22 07:37 - 2014-12-10 13:30 - 0071680 _____ () C:\Documents and Settings\simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f32a5f38.exe
C:\Documents and Settings\simon\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\simon\Local Settings\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\simon\Local Settings\Temp\gcapi_dll.dll
C:\Documents and Settings\simon\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\simon\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\simon\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

And the Addition txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by simon at 2015-07-03 00:02:11
Running from C:\Documents and Settings\simon\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1844237615-1004336348-682003330-500 - Administrator - Enabled)
Guest (S-1-5-21-1844237615-1004336348-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1844237615-1004336348-682003330-1000 - Limited - Disabled)
simon (S-1-5-21-1844237615-1004336348-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\simon
SUPPORT_388945a0 (S-1-5-21-1844237615-1004336348-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

888poker (HKLM\...\888poker) (Version: - )
Adblock Plus for IE (32-bit) (HKLM\...\{80D9592D-BB3F-42A0-9907-C0C5A26BB43A}) (Version: 1.3 - Eyeo GmbH)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
LibreOffice 4.1 Help Pack (English (United Kingdom)) (HKLM\...\{5286F9E3-8276-4405-89DA-C73398A3C8D4}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
O&O Defrag Free Edition (HKLM\...\{E29CFB36-F070-4612-8DB5-7038161B6294}) (Version: 14.1.431 - O&O Software GmbH)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version: - )
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wise JetSearch 1.48 (HKLM\...\Wise JetSearch_is1) (Version: 1.48 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

15-05-2015 22:06:38 System Checkpoint
09-06-2015 16:27:36 System Checkpoint
11-06-2015 03:00:14 Software Distribution Service 3.0
13-06-2015 02:01:26 System Checkpoint
17-06-2015 14:21:56 System Checkpoint
18-06-2015 20:48:35 System Checkpoint
23-06-2015 22:01:36 System Checkpoint
27-06-2015 18:45:51 System Checkpoint
29-06-2015 18:27:43 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 13:00 - 2001-08-23 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-16 04:07 - 2013-04-16 04:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2001-08-23 13:00 - 2008-04-14 06:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2001-08-23 13:00 - 2008-04-14 06:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-12-20 22:51 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-20 22:51 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-20 22:51 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-12-20 23:36 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-12-20 23:36 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\simon\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-1844237615-1004336348-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1844237615-1004336348-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\simon\Local Settings\Temp\7zS1.tmp\SymNRT.exe] => Enabled:Norton Removal Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2015 01:46:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application helper.exe, version 1.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.
Processing media-specific event for [helper.exe!ws!]

Error: (06/18/2015 11:58:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/18/2015 11:57:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/06/2015 02:10:57 AM) (Source: MsiInstaller) (EventID: 11704) (User: SIMON1)
Description: Product: Microsoft Security Client -- Error 1704. An installation for Avira is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (05/04/2015 08:31:42 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry2152759308unspecifiedscanfile4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (05/04/2015 08:11:36 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 939557046.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/04/2015 08:11:19 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 939557046.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/04/2015 06:34:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/04/2015 06:34:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/04/2015 06:34:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).

System errors:
=============
Error: (07/02/2015 10:14:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (07/02/2015 04:50:50 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.69 on the
Network Card with network address 000F20725971.

Error: (06/29/2015 04:22:43 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.68 on the
Network Card with network address 000F20725971.

Error: (06/27/2015 03:42:21 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.67 on the
Network Card with network address 000F20725971.

Error: (06/23/2015 11:25:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%3

Error: (06/23/2015 11:25:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%3

Error: (06/23/2015 05:32:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%3

Error: (06/23/2015 05:32:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%3

Error: (06/23/2015 05:32:53 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000243qozysh.sysHarddiskVolume4

Error: (06/23/2015 04:17:28 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.66 on the
Network Card with network address 000F20725971.

Microsoft Office:
=========================
Error: (06/20/2015 01:46:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: helper.exe1.0.0.0msvcrt.dll7.0.2600.551200032a16

Error: (06/18/2015 11:58:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: hh.exe5.2.3790.2453hungapp0.0.0.000000000

Error: (06/18/2015 11:57:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: hh.exe5.2.3790.2453hungapp0.0.0.000000000

Error: (05/06/2015 02:10:57 AM) (Source: MsiInstaller) (EventID: 11704) (User: SIMON1)
Description: Product: Microsoft Security Client -- Error 1704. An installation for Avira is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (05/04/2015 08:31:42 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry2152759308unspecifiedscanfile4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (05/04/2015 08:11:36 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 939557046

Error: (05/04/2015 08:11:19 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 939557046

Error: (05/04/2015 06:34:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1944C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/04/2015 06:34:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1944C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/04/2015 06:34:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1944C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 84%
Total physical RAM: 2039.48 MB
Available physical RAM: 315.56 MB
Total Virtual: 3935.78 MB
Available Virtual: 978.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:24.41 GB) (Free:5.93 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:60.31 GB) (Free:49.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 76.3 GB) (Disk ID: E226E662)
Partition 1: (Active) - (Size=60.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1.8 GB) - (Type=82)
Partition 3: (Not Active) - (Size=14.3 GB) - (Type=83)

========================================================
Disk: 1 (Size: 37.3 GB) (Disk ID: 0BDC0BDB)
Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.8 GB) - (Type=83)
Partition 4: (Not Active) - (Size=7 MB) - (Type=01)

==================== End of log ============================


----------



## kevinf80 (Mar 21, 2006)

Download attached *fixlist.txt* file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download *AdwCleaner* by Xplode onto your Desktop.


 Double click on Adwcleaner.exe to run the tool.
 Click on Scan
 Once the scan is done, click on the *Clean button*. <<<--- Ensure this option is completed
 You will get a prompt asking to close all programs. Click OK.
 Click OK again to reboot your computer.
 A text file will open after the restart. Please post the content of that logfile in your reply.
 You can also find the logfile at C:\AdwCleaner[Sn].txt, where *n* is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save *direct* to the *desktop*

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool and select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select *Quick* Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

*notepad c:\windows\debug\mrt.log*

Post those logs, and also let me know if there are any remaining issues or concerns...

Thanks,

Kevin...


----------



## Pearguy (May 14, 2011)

Hi Kevin

Here is the RogueKiller report but I cannot locate FRST anywhere. I will keep looking..

RogueKiller V10.8.7.0 [Jun 29 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : simon [Administrator]
Started from : C:\Documents and Settings\simon\Desktop\RogueKiller (1).exe
Mode : Scan -- Date : 07/03/2015 00:53:26

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xf7abf8fe
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0xf7abf903

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080L0 +++++
--- User ---
[MBR] e03bee9a9809aa509c9c6ddacc226150
[BSP] e54b62b6bec0dd07b9ed45fe4a257445 : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 61752 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 126470144 | Size: 1806 MB
2 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 130168832 | Size: 14608 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST340014AS +++++
--- User ---
[MBR] aef709cc60bd8566d864fc83ed839372
[BSP] 05f81b898a35c387bf4de4323758486b : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 24998 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 51202048 | Size: 13145 MB
3 - [XXXXXX] FAT12 (0x1) [VISIBLE] Offset (sectors): 10704960 | Size: 7 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!

============================================
RKreport_SCN_11132014_165916.log - RKreport_SCN_02162015_180545.log - RKreport_SCN_07032015_003705.log - RKreport_SCN_07032015_003754.log
RKreport_SCN_07032015_003832.log - RKreport_SCN_07032015_004244.log - RKreport_SCN_07032015_004745.log

Thank you for your continued support.


----------



## kevinf80 (Mar 21, 2006)

FRST is on your Desktop......


----------



## Pearguy (May 14, 2011)

Got it..

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by simon at 2015-07-03 01:23:07 Run:1
Running from C:\Documents and Settings\simon\Desktop
Loaded Profiles: simon & (Available Profiles: simon)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f32a5f38.exe
C:\Documents and Settings\simon\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\simon\Local Settings\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\simon\Local Settings\Temp\gcapi_dll.dll
C:\Documents and Settings\simon\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\simon\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\simon\Local Settings\Temp\sqlite3.dll
Emptytemp:
End
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
hpt3xx => Service removed successfully.
IntelIde => Service removed successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f32a5f38.exe => moved successfully.
C:\Documents and Settings\simon\Local Settings\Temp\avgnt.exe => moved successfully.
C:\Documents and Settings\simon\Local Settings\Temp\Foxit Reader Updater.exe => moved successfully.
C:\Documents and Settings\simon\Local Settings\Temp\gcapi_dll.dll => moved successfully.
C:\Documents and Settings\simon\Local Settings\Temp\gtapi_signed.dll => moved successfully.
C:\Documents and Settings\simon\Local Settings\Temp\Quarantine.exe => moved successfully.
C:\Documents and Settings\simon\Local Settings\Temp\sqlite3.dll => moved successfully.
EmptyTemp: => 4.3 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 01:26:14 ====

I'll continue with AdwCleaner and the other tools tomorrow.

Thanks again.


----------



## Pearguy (May 14, 2011)

Good morning
Here is the AdwCleaner logfile, JRT and MSRT results to follow:

# AdwCleaner v4.207 - Logfile created 03/07/2015 at 09:42:24
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : simon - SIMON1
# Running from : C:\Documents and Settings\simon\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

-\\ Google Chrome v43.0.2357.130

*************************

AdwCleaner[R0].txt - [436 bytes] - [22/02/2015 17:32:47]
AdwCleaner[R1].txt - [914 bytes] - [26/02/2015 00:05:22]
AdwCleaner[R2].txt - [992 bytes] - [27/03/2015 13:56:19]
AdwCleaner[R3].txt - [1349 bytes] - [03/07/2015 09:36:33]
AdwCleaner[R4].txt - [1408 bytes] - [03/07/2015 09:41:23]
AdwCleaner[S0].txt - [979 bytes] - [26/02/2015 00:14:43]
AdwCleaner[S1].txt - [1057 bytes] - [27/03/2015 14:00:31]
AdwCleaner[S2].txt - [1339 bytes] - [03/07/2015 09:42:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1398 bytes] ##########


----------



## Pearguy (May 14, 2011)

JRT logfile:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.7 (07.02.2015:2)
OS: Microsoft Windows XP x86
Ran by simon on 03/07/2015 at 9:56:33.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\simon\Application Data\tuneup software

~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\simon\local settings\application data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/07/2015 at 10:01:31.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Pearguy (May 14, 2011)

MSRT didn't give the option to 'Run as administrator' so I just clicked 'Run'.


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon May 04 22:08:34 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon May 04 22:13:49 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.24, May 2015 (build 5.24.11401.0)
Started On Thu May 14 03:00:55 2015

Engine: 1.1.11602.0
Signatures: 1.197.1100.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 15:54:03 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.25, June 2015 (build 5.25.11502.0)
Started On Thu Jun 11 03:00:37 2015

Engine: 1.1.11701.0
Signatures: 1.199.892.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 11 03:07:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.25, June 2015 (build 5.25.11502.0)
Started On Fri Jul 03 10:09:31 2015

Engine: 1.1.11701.0
Signatures: 1.199.892.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 03 10:19:47 2015


Return code: 0 (0x0)


I'm afraid I forgot to disable Avira Real-time; please tell me if I need to re-scan.
A remaining concern is repeated Avira update reminders. I don't mean the usual pop-up that tries to persuade users to buy the pro version (I get those too) but a persistent window that calls itself 'Updater'. Not sure if it's genuine or a scam/virus symptom..
I'll check back with you later today.

Thank you.


----------



## kevinf80 (Mar 21, 2006)

If MSRT completed without crashing, it is OK that security was active; no need to run again....

From your installed program list I can see two (2) entries for Avira as follows:

Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)

Obviously the second one is your security, what is the first one, what does it do? Is that possibly the issue you refer to....


----------



## Pearguy (May 14, 2011)

Hm.. I really don't know about the extra Avira entry, whatever it is I'm sure it was nothing I installed on purpose. Do you think I should remove it? 'Add or Remove Programs' shows it as taking up only 0.75 MB and that it was apparently last used on 15th Feb, though I find Add/Remove info can't be relied upon. For example, it claims that Chrome was last used on 20/12/14 when I actually have it open right now.. 

I should tell you I'm pretty sure I also ran JRT without disabling Avira, though like MSRT it appeared to perform without a problem.

Another recent issue is that start-up takes longer than it used to (not really a drama) and I can no longer boot to Safe Mode for some reason. Since a lot of online DIY advice suggests running anti malware programs in Safe Mode I wondered if a virus was interfering with it.

Thanks again


----------



## kevinf80 (Mar 21, 2006)

If you do not know what that program is, or where it came from, I'd remove it. If there are problems with the uninstall use the following:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on *Program name* to highlight that entry.

Select *Action* from the Menu bar, then *Uninstall* from there follow the prompts.

If *Uninstall* fails open the "Action" menu one more time and use "Force Removal" option

Next,

For the Safe mode issue I've attached *SafeBoot-for-Windows-XP-SP3.zip*. Download and unzip the file to your Desktop; you will now have a registry key of the same name on your Desktop. Double left click on the reg key, agree any alerts or merges. Re-boot when complete.
That will copy the safe mode reg keys back to the registry, try safe mode, does it now work?

Let me know if any remaining issues or concerns....

Thanks,

Kevin...


----------



## Pearguy (May 14, 2011)

Morning Kevin

Ok, I removed the spare Avira entry. I wondered if this would now prevent the persistent 'Updater' window from opening but it was soon back. I decided to allow it to run to see if that would stop it nagging and will keep you posted on that.

The safe mode zip appeared to run successfully - I got a message saying 'finished' (or something similar) - but there is no visible registry key on the desktop. Should I run it again?

Other remaining issues include:
Very slow start-up, by which I mean the whole process from pressing the 'on' button to being able to access emails. It used to take maybe 3 - 4 minutes, now it's more like 10 or 15, during which time the fan is very noisy and cpu usage shows as being 90 - 100%. Could this be just because it's an old machine? In the past I've found that running CCleaner can improve things but I shan't take any action without your approval.
Additionally Avira now takes several minutes to activate, this is both before and after the update I let it perform earlier today. Do you think this a risk? I've read that some viruses delay real-time protection start up while they do their dirty work.

Malwarebytes sometimes opens without prompting. This was a frequent occurrence when the other issues (listed in my OP) first started, now less so, but still happening. Usually occurs just after I open some other program or tab.


I could live with these issues if necessary (it's an old machine after all) but it would be good if they could be fixed, or at least to know that the cause is nothing to worry about.

Thank you


----------



## kevinf80 (Mar 21, 2006)

You do not run *SafeBoot-for-Windows-XP-SP3.zip*; the zip file needs to be unzipped (extracted) to your Desktop. When that is done you will have a .reg file named *SafeBoot-for-Windows-XP-SP3.reg*; it will look like the following:



Double click on that reg file, agree any alerts or merges. When done re-boot and check to see if safe mode now works....

Next,

Run the system in a Clean Boot mode, basically all non-MS services are disabled, see how it runs in that mode. Any services that affect internet connection or security will need to be left active....

Click Start, click Run, type msconfig, and then click OK.

The System Configuration Utility dialog box is displayed.

We now need to configure selective startup options:


 In the *System Configuration Utility* dialog box, click the *General tab*, and then click *Selective Startup*.
 Click to clear the *Process SYSTEM.INI File* check box.
 Click to clear the *Process WIN.INI File* check box.
 Click to clear the *Load Startup Items check box*. Verify that *Load System Services* and *Use Original BOOT.INI* are checked.
 Click the Services tab.
 Click to select the *Hide All Microsoft Services* check box.
 Click *Disable All*, and then click *OK*. This will disable non-MS services.
 When you are prompted, click Restart to restart the computer.

When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

How does the system respond in that mode?

Thanks,

Kevin...


----------



## Pearguy (May 14, 2011)

That little icon is on the desktop, it's named 'SafeBoot-for-Windows-XP-SP3.reg'. Double clicking produces a registry editor box asking if I'm sure I want to add the contents to the registry. Clicking 'yes' brings up another message saying that it was successfully done, but I've performed the action twice and am still unable to boot to safe mode (pressing F8 repeatedly on start-up).

Also being frustrated on the System Configuration actions. Very easy to follow your clear instructions but at the end I get an 'Access denied' message telling me I may have to login as administrator, but I thought I already was by default?
Additionally, an Avira pop-up tells me that Avira 'blocked an attempt to access the registry' - which suggests that no changes would be made - so I disabled RealTime protection but the same 'access denied' message came up, likewise the same Avira pop-up. However, there is also another contradictory message that I have to restart my computer for some of the changes to take effect. 
Should I restart anyway and see if anything happens, despite being denied access?


----------



## kevinf80 (Mar 21, 2006)

Read the following link before we continue and run Combofix:

*ComboFix usage, Questions, Help? - Look here*

Next,

Download Combofix from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Pearguy (May 14, 2011)

Hi Kevin
Combofix seemed to perform without problems, the only minor issue was that I didn't get any option to 'run as administrator' so I simply clicked 'run'. Here is the log:

ComboFix 15-07-05.01 - simon 06/07/2015 10:37:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1546 [GMT 1:00]
Running from: c:\documents and settings\simon\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET193.tmp
c:\windows\system32\SET198.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-06-06 to 2015-07-06 )))))))))))))))))))))))))))))))
.
.
2015-07-03 21:31 . 2015-07-03 21:31	--------	d-----w-	c:\documents and settings\simon\Application Data\Geek Uninstaller
2015-07-03 21:26 . 2015-07-03 21:26	--------	d-----w-	C:\OETemp
2015-07-03 08:56 . 2015-07-03 08:56	--------	d-----w-	C:\RegBackup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-06 09:12 . 2014-11-09 10:04	98520	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-04 10:02 . 2014-05-15 23:10	37896	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-07-04 10:02 . 2014-05-15 23:10	136728	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-07-04 10:02 . 2014-05-15 23:10	108448	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-07-02 23:43 . 2014-11-13 16:52	35064	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2015-06-27 15:46 . 2014-01-31 11:40	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-06-27 15:46 . 2014-01-31 11:40	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 07:41 . 2014-11-09 10:04	121560	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2014-11-09 10:04	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-05-04 09:27 . 2015-05-04 09:27	326	----a-w-	c:\windows\system32\PerfStringBackup.TMP
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-07-04 730416]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2015-07-04 09:59	730416	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 05:42	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 09:32	77824	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 09:36	114688	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 09:35	94208	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-01-25 11:41	2729800	----a-w-	c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2015-02-13 17:30	295512	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16/05/2014 00:10 37896]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16/05/2014 00:11 450808]
R2 MBAMScheduler;MBAMScheduler;d:\my pictures\Malwarebytes Anti-Malware\mbamscheduler.exe [02/07/2015 17:24 1871160]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25/01/2011 12:41 2336072]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 04:07 39056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/11/2014 11:04 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [09/11/2014 11:04 98520]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23/03/2015 14:38 825136]
S2 MBAMService;MBAMService;d:\my pictures\Malwarebytes Anti-Malware\mbamservice.exe [02/07/2015 17:24 1133880]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [09/11/2014 11:04 121560]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/11/2014 23:29 27064]
S4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [16/05/2014 00:10 1187336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-27 15:51	990024	----a-w-	c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28 15:47]
.
2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-20 21:39]
.
2015-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-20 21:39]
.
2015-07-06 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2015-06-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2015-07-03 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 03:09]
.
2015-07-06 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 03:07]
.
2015-06-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 03:07]
.
2015-07-06 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 12:45]
.
2015-07-06 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 12:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-06 10:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-07-06 10:49:15
ComboFix-quarantined-files.txt 2015-07-06 09:48
.
Pre-Run: 10,700,734,464 bytes free
Post-Run: 10,679,275,520 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - DAA24B831B2E8C595B562B651351992C
398D826556BBA78EA006382933F9F481

Thank you


----------
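The service and driver lines in a ComboFix log such as the one above can be triaged mechanically. The following is an added example, not part of the original thread or of ComboFix: it assumes the usual reading of the line prefix (R = running, S = stopped; digit = start type 0 to 4), and the function names, flag names and list of expected install roots are hypothetical choices.

```python
import re
from dataclasses import dataclass

# Assumed meaning of the digit after R/S (Windows service start type).
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# Hypothetical allow-list of locations where services normally live on XP.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample: lines copied from the service/driver part of the log above,
# plus one non-service line to show that it is skipped.
SAMPLE_LOG = r"""
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16/05/2014 00:10 37896]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16/05/2014 00:11 450808]
R2 MBAMScheduler;MBAMScheduler;d:\my pictures\Malwarebytes Anti-Malware\mbamscheduler.exe [02/07/2015 17:24 1871160]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 04:07 39056]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23/03/2015 14:38 825136]
S2 MBAMService;MBAMService;d:\my pictures\Malwarebytes Anti-Malware\mbamservice.exe [02/07/2015 17:24 1133880]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/11/2014 23:29 27064]
S4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [16/05/2014 00:10 1187336]
--- Other Services/Drivers In Memory ---
"""

# <state><start> <name>;<display name>;<image path> [<dd/mm/yyyy> <hh:mm> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)\]$"
)


@dataclass
class Entry:
    name: str
    display: str
    running: bool
    start_type: str
    path: str
    size: int
    flags: list


def parse_services(log_text):
    """Return one Entry per service/driver line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        running = m["state"] == "R"
        start = int(m["start"])
        path = m["path"]
        flags = []
        # Image path outside the usual system/program directories.
        if not path.lower().startswith(EXPECTED_ROOTS):
            flags.append("unusual-location")
        # Configured to start with Windows (boot/system/automatic) but not running.
        if not running and start <= 2:
            flags.append("autostart-not-running")
        entries.append(Entry(m["name"], m["display"], running,
                             START_TYPES[start], path, int(m["size"]), flags))
    return entries


def flagged(log_text):
    """Map service name -> flags, for entries worth a second look."""
    return {e.name: e.flags for e in parse_services(log_text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

A flag here is a prompt to look closer, not a verdict: security software that was switched off for the scan will show as auto-start but stopped, and a program installed to a non-default folder will show as an unusual location.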



## kevinf80 (Mar 21, 2006)

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs* so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
ClearJavaCache::
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Next,

*Scan with ESET Online Scanner*

This step can only be done using *Internet Explorer*, *Google Chrome* or *Mozilla Firefox*.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit *ESET Online Scanner* website.

Click there *Run ESET Online Scanner*.

If using *Internet Explorer*:


Accept the Terms of Use and click *Start*.
Allow the running of add-on.
If using *Mozilla Firefox* or *Google Chrome*:

Download *esetsmartinstaller_enu.exe* that you'll be given link to.
Double click *esetsmartinstaller_enu.exe*.
Allow the Terms of Use and click *Start*.
To perform the scan:

Make sure that *Remove found threats* is *Checked*.
*Scan archives* is *checked*.
In Advanced Settings: *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications* and *Enable Anti-Stealth technology* are *checked*.
Under Enable Stealth Technology select Change select any extra drives in that window.
Click *Start*
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. *This may take several hours.* Please, be patient.
*Do not do anything on your machine as it may interrupt the scan*.
When the scan is done, click *Finish*.
A logfile will be created at *C:\Program Files (x86)\ESET\ESET Online Scanner*. Open it using *Notepad*.

Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Post those logs....

Thank you,

Kevin


----------



## Pearguy (May 14, 2011)

Here is the requested ComboFix log. Unfortunately the ESET scan hung at 28% of stage three for ages. I stopped it (expecting to be able to start it again) in the hope that this might get it moving again but instead it finished. I will try to run it again. 
Thank you for your continued support and clear instructions.

ComboFix 15-07-05.01 - simon 06/07/2015 22:47:02.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1564 [GMT 1:00]
Running from: c:\documents and settings\simon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\simon\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2015-06-06 to 2015-07-06 )))))))))))))))))))))))))))))))
.
.
2015-07-03 21:31 . 2015-07-03 21:31	--------	d-----w-	c:\documents and settings\simon\Application Data\Geek Uninstaller
2015-07-03 21:26 . 2015-07-03 21:26	--------	d-----w-	C:\OETemp
2015-07-03 08:56 . 2015-07-03 08:56	--------	d-----w-	C:\RegBackup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-06 20:55 . 2014-11-09 10:04	98520	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-04 10:02 . 2014-05-15 23:10	37896	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-07-04 10:02 . 2014-05-15 23:10	136728	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-07-04 10:02 . 2014-05-15 23:10	108448	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-07-02 23:43 . 2014-11-13 16:52	35064	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2015-06-27 15:46 . 2014-01-31 11:40	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-06-27 15:46 . 2014-01-31 11:40	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 07:41 . 2014-11-09 10:04	121560	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2014-11-09 10:04	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-05-04 09:27 . 2015-05-04 09:27	326	----a-w-	c:\windows\system32\PerfStringBackup.TMP
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-07-04 730416]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2015-07-04 09:59	730416	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 05:42	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 09:32	77824	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 09:36	114688	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 09:35	94208	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-01-25 11:41	2729800	----a-w-	c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2015-02-13 17:30	295512	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16/05/2014 00:10 37896]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16/05/2014 00:11 450808]
R2 MBAMScheduler;MBAMScheduler;d:\my pictures\Malwarebytes Anti-Malware\mbamscheduler.exe [02/07/2015 17:24 1871160]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25/01/2011 12:41 2336072]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 04:07 39056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/11/2014 11:04 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [09/11/2014 11:04 98520]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23/03/2015 14:38 825136]
S2 MBAMService;MBAMService;d:\my pictures\Malwarebytes Anti-Malware\mbamservice.exe [02/07/2015 17:24 1133880]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [09/11/2014 11:04 121560]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/11/2014 23:29 27064]
S4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [16/05/2014 00:10 1187336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-27 15:51	990024	----a-w-	c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28 15:47]
.
2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-20 21:39]
.
2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-20 21:39]
.
2015-07-06 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2015-06-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2015-07-03 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 03:09]
.
2015-07-06 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 03:07]
.
2015-06-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 03:07]
.
2015-07-06 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 12:45]
.
2015-07-06 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 12:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\simon\Application Data\Mozilla\Firefox\Profiles\ph0pjuen.default-1415779564531\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-06 22:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2015-07-06 22:57:37
ComboFix-quarantined-files.txt 2015-07-06 21:57
ComboFix2.txt 2015-07-06 09:49
.
Pre-Run: 10,629,980,160 bytes free
Post-Run: 10,621,251,584 bytes free
.
- - End Of File - - 9DD08C2A1538DC72CC9F1B8EE550B571
398D826556BBA78EA006382933F9F481


----------



## Pearguy (May 14, 2011)

Ok, it took a while but the ESET scan finally completed. 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2b3ef0e37d89804898849480bdc3b576
# engine=21002
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-09 11:37:47
# local_time=2014-11-09 11:37:47 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 10568 15902465 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 19042611 38509861 0 0
# scanned=52185
# found=9
# cleaned=9
# scan_time=1594
sh=A20C92C9A0F2DB8F19A4BF9B10174AC32D3428BF ft=1 fh=c71c0011611a890e vn="a variant of Win32/AdWare.MultiPlug.BN application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\shopndrop\eUyRVzgnVtkbP7.dll.vir"
sh=8172654BCB3456935D304504F8EF20B47AD463BA ft=1 fh=d744aea5d58197f1 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\All Users\Application Data\Avira\My Avira\Temp\antivirus.exe"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\simon\Local Settings\Temp\77626218.Uninstall\uninstaller.exe"
sh=16DF912F96438033B4065294B934738DBC9072DF ft=1 fh=5d1f954a634f269a vn="a variant of Win32/OptimizerEliteMax.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\simon\Local Settings\Temp\is765589038\181F6EF7_stp\OptimizerPro.exe"
sh=E5E4E3DF67EF76B47C8993AC1F35236577124934 ft=1 fh=b4ebd1af99768d94 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\simon\Local Settings\Temp\is765589038\542330E9_stp\termtutor-setup-1.9.0.8.exe"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\simon\Local Settings\Temp\is765589038\5D4B7A38_stp\uninstaller.exe"
sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\RECYCLER\S-1-5-21-1844237615-1004336348-682003330-1003\Dc41.exe"
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\RECYCLER\S-1-5-21-1844237615-1004336348-682003330-1003\Dc53.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2b3ef0e37d89804898849480bdc3b576
# end=init
# utc_time=2015-07-06 10:06:56
# local_time=2015-07-06 11:06:56 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
Update Init
Update Download
Update Finalize
Updated modules version: 24671
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2b3ef0e37d89804898849480bdc3b576
# end=updated
# utc_time=2015-07-06 10:13:44
# local_time=2015-07-06 11:13:44 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2b3ef0e37d89804898849480bdc3b576
# engine=24671
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-06 10:36:48
# local_time=2015-07-06 11:36:48 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=7495
# found=0
# cleaned=0
# scan_time=1383
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2b3ef0e37d89804898849480bdc3b576
# end=init
# utc_time=2015-07-06 10:44:06
# local_time=2015-07-06 11:44:06 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24671
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2b3ef0e37d89804898849480bdc3b576
# end=updated
# utc_time=2015-07-06 10:44:49
# local_time=2015-07-06 11:44:49 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2b3ef0e37d89804898849480bdc3b576
# engine=24671
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-06 11:57:57
# local_time=2015-07-07 12:57:57 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=43821
# found=0
# cleaned=0
# scan_time=4388


----------



## kevinf80 (Mar 21, 2006)

What is the current status of your system, are there any remaining issues or concerns...


----------



## Pearguy (May 14, 2011)

System is currently running without apparent major problems, although there are several comparatively minor issues

Fan very noisy on start-up; this continues for 15 - 20 minutes before it quiets down.

Noisy fan often starts up when pc is in power-down mode, i.e. when I've left it on but been away from the keyboard for an hour or so. When this happens CPU usage is usually between 90 - 100%

I now appear to be able to boot into Safe Mode but unable to login as administrator - for some reason my password is no longer accepted.

Every so often Malwarebytes still opens unprompted. Easy to dismiss with a click but curious as to why it's happening

I found a huge text file in 'Downloads'. It's in code or script so I have no idea what it is or if I should delete it. 
It's titled "Unconfirmed 992098.crdownload" . Too long to insert here so this is a VERY small extract:


Mean anything to you? Could it be virus related?

I suppose my main concern is that I may have a very clever infection which can hide from scans. Have you seen anything so far that might be suspicious?


----------



## kevinf80 (Mar 21, 2006)

Can you zip up the file "Unconfirmed 992098.crdownload" and attach it to your reply...

Also run the following:

Please download Gmer from *Here* by clicking on the "Download EXE" Button.


 Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
 If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
 In the right panel, you will see several boxes that have been checked. Uncheck the following ...

*Sections
IAT/EAT
Show All* ( should be unchecked by default )

 Leave everything else as it is.
 *Close all* other running *Programs* as well as your *Browsers*.
 Click the Scan button & wait for it to finish.
 Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
 Save it where you can easily find it, such as your desktop.

Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

**If GMER crashes** Follow the instructions *here* and disable your security temporarily

Thanks,

Kevin..


----------



## Pearguy (May 14, 2011)

I managed to zip the 'Unconfirmed' file but the attachments uploader won't upload it, I keep getting a message that 'a security token is missing'. Do you think it's a system glitch or something I'm doing wrong?

The GMER log:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-07 23:28:00
Windows 5.1.2600 Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19 ST340014AS rev.8.12 37.25GB
Running: d087w8nh.exe; Driver: C:\DOCUME~1\simon\LOCALS~1\Temp\awtdypog.sys

---- System - GMER 2.1 ----

SSDT AE44DEBC ZwClose
SSDT AE44DE76 ZwCreateKey
SSDT AE44DEC6 ZwCreateSection
SSDT AE44DE9E ZwCreateSymbolicLinkObject
SSDT AE44DE6C ZwCreateThread
SSDT AE44DE7B ZwDeleteKey
SSDT AE44DE85 ZwDeleteValueKey
SSDT AE44DEB7 ZwDuplicateObject
SSDT AE44DEA3 ZwLoadDriver
SSDT AE44DE8A ZwLoadKey
SSDT AE44DE58 ZwOpenProcess
SSDT AE44DE99 ZwOpenSection
SSDT AE44DE5D ZwOpenThread
SSDT AE44DEDF ZwQueryValueKey
SSDT AE44DE94 ZwReplaceKey
SSDT AE44DED0 ZwRequestWaitReplyPort
SSDT AE44DE8F ZwRestoreKey
SSDT AE44DECB ZwSetContextThread
SSDT AE44DED5 ZwSetSecurityObject
SSDT AE44DEA8 ZwSetSystemInformation
SSDT AE44DE80 ZwSetValueKey
SSDT AE44DEDA ZwSystemDebugControl
SSDT AE44DE67 ZwTerminateProcess
SSDT AE44DE62 ZwWriteVirtualMemory

---- User code sections - GMER 2.1 ----

.text C:\Program Files\OO Software\Defrag\oodag.exe[1464] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 5 Bytes JMP 00401340 C:\Program Files\OO Software\Defrag\oodag.exe

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- EOF - GMER 2.1 ----


----------



## kevinf80 (Mar 21, 2006)

Thanks for the reply, GMER log does not show any obvious malware or infection. If the suspicious file is zipped correctly I'm not really sure what is wrong. Could you upload to Dropbox or another similar file transfer program and post the link to your reply so I can download it from there...


----------



## Pearguy (May 14, 2011)

I'm still fairly new to all things IT related (I'm sure you guessed!) but hopefully the link below will lead to the 'Unconfirmed' document. The 'Insert Link' tool doesn't seem to work for me so I just copy/pasted direct into the message box.

https://www.dropbox.com/s/renrlprzg5yclj8/Unconfirmed 992098.zip?dl=0


----------



## kevinf80 (Mar 21, 2006)

Thanks for the file upload, I've checked it and concluded the file is inert and of no harm to your system. I recommend that you delete the file... here is a quote from a related search:



> What is a CRDOWNLOAD file?
> 
> Files that contain the .crdownload file extension are associated with the Google Chrome Internet browser. The files with the .crdownload file suffix store the contents of partial file downloads that are being performed with the Chrome Web browser.
> 
> ...


What is the status at present, give list of any issues or concerns...

Thank you,

Kevin...
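
A partial download keeps the original file's leading bytes, so its real type can be read from the header even though the name ends in .crdownload. The following is an added example, not part of the original posts: the function names, the signature table and the sample header are constructed for illustration.

```python
import struct

# Constructed magic-number table for a few common container formats.
SIGNATURES = [(b"PK\x03\x04", "zip"), (b"%PDF-", "pdf"), (b"\x1f\x8b", "gzip"),
              (b"7z\xbc\xaf\x27\x1c", "7z"), (b"Rar!\x1a\x07", "rar"), (b"MSCF", "cab")]
MACHINES = {0x014C: "x86", 0x8664: "x64"}
IMAGE_FILE_DLL = 0x2000


def triage(data):
    """Classify the leading bytes of an unknown file without executing it.

    Returns a dict and never raises on short input: an interrupted download
    can stop anywhere, including in the middle of the header.
    """
    result = {"type": "unknown", "machine": None, "sections": [],
              "header_incomplete": False}
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            result["type"] = name
            return result
    if data[:2] != b"MZ":
        return result
    result["type"] = "dos-mz"
    if len(data) < 0x40:                      # DOS header itself is cut off
        result["header_incomplete"] = True
        return result
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff_off = e_lfanew + 4
    if len(data) < coff_off + 20:             # PE signature or COFF header missing
        result["header_incomplete"] = True
        return result
    if data[e_lfanew:coff_off] != b"PE\x00\x00":
        return result                         # MZ stub without a PE header
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff_off)
    result["type"] = "pe-dll" if chars & IMAGE_FILE_DLL else "pe-exe"
    result["machine"] = MACHINES.get(machine, hex(machine))
    table = coff_off + 20 + opt_size          # section table follows optional header
    for i in range(nsect):
        off = table + 40 * i                  # each section header is 40 bytes
        if len(data) < off + 40:
            result["header_incomplete"] = True
            break
        name = data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        result["sections"].append(name)
    return result


def triage_file(path, limit=4096):
    """Read only the first `limit` bytes of the file at `path` and classify them."""
    with open(path, "rb") as handle:
        return triage(handle.read(limit))


def build_sample_pe(sections=(b".text", b".rdata", b".data", b".rsrc", b".reloc")):
    """Constructed sample: a minimal 32-bit PE header with no code, for offline use."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    opt_size = 0xE0                           # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x010B).ljust(opt_size, b"\x00")
    table = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in sections)
    return dos + b"PE\x00\x00" + coff + optional + table


if __name__ == "__main__":
    sample = build_sample_pe()
    print(triage(sample))                     # complete header
    print(triage(sample[:-60]))               # download cut inside the section table
```

The file is only read, never run. A result of `pe-exe` or `pe-dll` means the download was a Windows program, so its hash is worth checking with a multi-engine scanner before anything else is done with it.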


----------



## Pearguy (May 14, 2011)

Ok I'll delete it, thanks for checking it out. 

Current pc status is a bit 'clunky'. CPU usage and fan often go suddenly into overdrive which typically lasts 10 - 15 minutes. Sometimes when this is happening mbam.exe shows as active in Task manager, other times it might be aveguard.exe or update.exe, but frequently there is no apparent cause or culprit. During these periods my pc is extremely slow, often completely unresponsive. Even when pc is running quietly CPU usage often jumps around wildly from second to second; 100%, 40%, 5%, 30%, 75%..

Malwarebytes still sometimes opens by itself. Early on, when odd symptoms first began several weeks ago, Malwarebytes was behaving strangely. It refused to scan, or - if it did - the scan was over much too quickly. It kept prompting me to update with a surprise pop-up window, but then it would tell me that no updates were available. When I tried to do a fresh download it wouldn't happen. This behaviour was partly what made me sure I was infected, it just had that 'feel' about it, especially as other anti-malware programs were behaving similarly.
Since then I did manage a fresh MBAM download which appears to work correctly except that it opens unexpectedly. It's also still telling me that my Free Trial has expired, though this didn't seem to prevent it scanning. 

My Windows Administrator login password is no longer recognized. This could be unrelated to anything else - possibly a MS issue - but I've read that some viruses will block admin access to avoid certain actions being performed that might lead to detection. I realize that's probably unlikely in this case but I'd like to be sure.

I keep seeing "1 Click Video Download" tab when I open Firefox. I don't have this loaded as a program but no matter how often I dismiss it it reappears next time I open FF.

Although it would be nice to correct these issues I could live with them as long as I'm sure that they aren't symptoms of something more serious; I've heard of viruses that can evade almost any efforts to detect them.

Thank you for all your help so far.


----------



## kevinf80 (Mar 21, 2006)

The erratic behavior that you mention is still a concern; recent logs do not show any obvious malware or infection. Let's have another deep scan:

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run *mbar.exe*










4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:










5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.










7. The following image opens, select Update










8. When the update completes select Next.










9. In the following window ensure "Targets" are ticked. Then select "Scan"










10. If an infection is found select the *"Cleanup Button"* to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.










11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click *"Cleanup Button"* once more and repeat the process.
12. If no threats were found you will see the following image, Select *Exit*:










13. Verify that your system is now running normally, making sure that the following items are functional:


 Internet access
 Windows Update
 Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or *other system* issues, then run the *'fixdamage'* tool included within Malwarebytes Anti-Rootkit folder.

15. Select *"Y"* from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the *mbar* folder:

*System - log*
*Mbar - log* Date and time of scan will also be shown

Thanks,

Kevin....


----------



## Pearguy (May 14, 2011)

This is the first instruction that makes me a bit nervous. I know you wouldn't give bad instructions, and that this is a highly regarded tool, but twice in the past I have used it (Malwarebytes Anti-Rootkit) and on both occasions it left big problems behind. 
The second time was about three years ago. 
I ran the scan and there were - I think - two detections. I can't recall the exact sequence of actions performed but on re-booting I was frozen out of my own pc until I had 'Activated Windows'. It was a legit copy and I had the correct product key. MS customer services acknowledged that I was using a licensed edition but they still wanted to charge me £95 to allow me to continue to use my own computer. I declined their offer. 
It's possible that my problems were because this is an old pc, or that the detections were the false positives you warned about in an earlier post and that I shouldn't have cleaned or quarantined them. I didn't have expert supervision at the time so perhaps I just did something wrong that wouldn't happen this time.
If you feel that the potential benefit of running the tool outweighs the possible risk, or that any resulting problems can be fixed, then I'll go ahead. I just felt I should mention this history before proceeding.


----------



## Pearguy (May 14, 2011)

P.S...
Googling 'update.exe' brings up a lot of hits which state that it can be present as a virus, often undetected because it's disguised as a legitimate program. I don't understand the technicalities but update.exe only shows in Task Manager when CPU usage is maxed out. Right now it's absent from the processes list, and the system is quiet and running smoothly.
When I highlight it and attempt to 'Stop process' it I get a message telling me that it can't be stopped.


----------



## kevinf80 (Mar 21, 2006)

Any file on your PC can be seen as malicious, it really depends where it is run from or if it has been patched etc....

We can check on update.exe at Virus Total later.. Regarding MBAR, I've never had any problems before and have used it hundreds of times... If you do not like it we can miss it out, or run the scan as instructed, if anything is found rather than selecting "Cleanup" select "Exit" and post the logs for me to see...

Back to Update.exe, do the following:

Please download *SystemLook* from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit.

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
update.exe
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Post MBAR log if you've run it, also log from System Look..

Thanks,

Kevin..


----------



## Pearguy (May 14, 2011)

I ran SystemLook first, here is the log. Now to run MBAR..

SystemLook 30.07.11 by jpshortstuff
Log created at 11:40 on 10/07/2015 by simon
Administrator - Elevation successful

========== filefind ==========

Searching for "update.exe"
C:\Documents and Settings\All Users\Application Data\Avira\Antivirus\TEMP\SELFUPDATE\update.exe	--a---- 1085448 bytes	[15:26 05/07/2015]	[15:26 05/07/2015] 6056283F22A59D87D7A3A1486FF8C060
C:\Program Files\Avira\AntiVir Desktop\update.exe	--a---- 1085448 bytes	[23:11 15/05/2014]	[15:26 05/07/2015] 6056283F22A59D87D7A3A1486FF8C060
C:\Program Files\MSN\MSNCoreFiles\update.exe	--a---- 77824 bytes	[06:40 21/01/2014]	[12:00 23/08/2001] 5FDB8BF110E892E20A928B0EA1FC87BB
C:\WINDOWS\$hf_mig$\KB2115168\update\update.exe	--a---- 755576 bytes	[12:58 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2229593\update\update.exe	--a---- 755576 bytes	[12:58 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2345886\update\update.exe	--a---- 755576 bytes	[22:08 22/01/2014]	[14:23 22/02/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2347290\update\update.exe	--a---- 755576 bytes	[12:58 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2387149\update\update.exe	--a---- 755576 bytes	[12:59 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2393802\update\update.exe	--a---- 755576 bytes	[13:00 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2419632\update\update.exe	--a---- 755576 bytes	[13:00 21/01/2014]	[14:23 22/02/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2423089\update\update.exe	--a---- 755576 bytes	[13:00 21/01/2014]	[14:23 22/02/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2443105\update\update.exe	--a---- 755576 bytes	[13:00 21/01/2014]	[14:23 22/02/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2478960\update\update.exe	--a---- 755576 bytes	[13:00 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2478971\update\update.exe	--a---- 755576 bytes	[13:00 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2479943\update\update.exe	--a---- 755576 bytes	[13:01 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2481109\update\update.exe	--a---- 755576 bytes	[13:01 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2483185\update\update.exe	--a---- 755576 bytes	[13:00 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2485663\update\update.exe	--a---- 755576 bytes	[13:01 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2506212\update\update.exe	--a---- 755576 bytes	[13:01 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2507938\update\update.exe	--a---- 755576 bytes	[13:02 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2508429\update\update.exe	--a---- 755576 bytes	[13:01 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2509553\update\update.exe	--a---- 755576 bytes	[13:02 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2510531-IE8\update\update.exe	--a---- 755576 bytes	[13:02 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2535512\update\update.exe	--a---- 755576 bytes	[13:02 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2536276-v2\update\update.exe	--a---- 755576 bytes	[13:02 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2544893-v2\update\update.exe	--a---- 755576 bytes	[13:03 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2566454\update\update.exe	--a---- 755576 bytes	[13:02 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2570947\update\update.exe	--a---- 755576 bytes	[13:03 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2584146\update\update.exe	--a---- 755576 bytes	[13:03 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2585542\update\update.exe	--a---- 755576 bytes	[13:04 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2592799\update\update.exe	--a---- 755576 bytes	[13:03 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2598479\update\update.exe	--a---- 755576 bytes	[13:04 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2603381\update\update.exe	--a---- 755576 bytes	[13:04 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2619339\update\update.exe	--a---- 755576 bytes	[13:03 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2620712\update\update.exe	--a---- 755576 bytes	[13:03 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2631813\update\update.exe	--a---- 755576 bytes	[13:04 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2653956\update\update.exe	--a---- 755576 bytes	[13:04 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2655992\update\update.exe	--a---- 755576 bytes	[13:05 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2661637\update\update.exe	--a---- 755576 bytes	[13:04 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2676562\update\update.exe	--a---- 755576 bytes	[13:05 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2686509\update\update.exe	--a---- 755576 bytes	[13:05 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2691442\update\update.exe	--a---- 755576 bytes	[13:05 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2698365\update\update.exe	--a---- 755576 bytes	[13:06 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2705219-v2\update\update.exe	--a---- 755576 bytes	[13:06 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2712808\update\update.exe	--a---- 755576 bytes	[13:06 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2719985\update\update.exe	--a---- 755576 bytes	[13:05 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2723135-v2\update\update.exe	--a---- 755576 bytes	[13:06 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2727528\update\update.exe	--a---- 755576 bytes	[13:06 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2749655\update\update.exe	--a---- 755576 bytes	[13:06 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2757638\update\update.exe	--a---- 755576 bytes	[13:07 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2758857\update\update.exe	--a---- 755576 bytes	[13:07 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2770660\update\update.exe	--a---- 755576 bytes	[13:07 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2780091\update\update.exe	--a---- 755576 bytes	[13:07 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2802968\update\update.exe	--a---- 755576 bytes	[13:07 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2807986\update\update.exe	--a---- 755576 bytes	[13:07 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2813345\update\update.exe	--a---- 755576 bytes	[13:08 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB2820917\update\update.exe	--a---- 755576 bytes	[13:07 21/01/2014]	[13:15 05/07/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe	--a---- 718048 bytes	[12:30 21/01/2014]	[03:35 25/02/2005] 3B5EAAEDB8A9D3F98DEBBDB0CFD214D5
C:\WINDOWS\$hf_mig$\KB923561\update\update.exe	--a---- 755576 bytes	[12:53 21/01/2014]	[17:18 15/11/2008] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe	--a---- 716000 bytes	[07:34 21/01/2014]	[01:22 06/03/2007] 0B630C8656B1EA82C82B929D51FA351B
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe	--a---- 755576 bytes	[12:52 21/01/2014]	[11:20 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe	--a---- 755576 bytes	[12:51 21/01/2014]	[12:39 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe	--a---- 755576 bytes	[12:52 21/01/2014]	[12:39 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe	--a---- 755576 bytes	[12:52 21/01/2014]	[11:18 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe	--a---- 755576 bytes	[12:52 21/01/2014]	[12:39 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB952004\update\update.exe	--a---- 755576 bytes	[12:53 21/01/2014]	[12:39 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe	--a---- 755576 bytes	[12:52 21/01/2014]	[11:18 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe	--a---- 755576 bytes	[12:52 21/01/2014]	[12:39 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB955759\update\update.exe	--a---- 755576 bytes	[14:05 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB956572\update\update.exe	--a---- 755576 bytes	[12:53 21/01/2014]	[07:38 09/07/2008] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB956844\update\update.exe	--a---- 755576 bytes	[12:55 21/01/2014]	[13:02 08/07/2008] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB959426\update\update.exe	--a---- 755576 bytes	[12:54 21/01/2014]	[12:39 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB960803\update\update.exe	--a---- 755576 bytes	[12:53 21/01/2014]	[12:39 30/11/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB960859\update\update.exe	--a---- 755576 bytes	[12:54 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB968389\update\update.exe	--a---- 755576 bytes	[12:55 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB969059\update\update.exe	--a---- 755576 bytes	[12:55 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB970430\update\update.exe	--a---- 755576 bytes	[22:08 22/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB971029\update\update.exe	--a---- 755576 bytes	[13:01 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB971657\update\update.exe	--a---- 755576 bytes	[12:54 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB972270\update\update.exe	--a---- 755576 bytes	[12:56 21/01/2014]	[13:02 08/07/2008] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB973507\update\update.exe	--a---- 755576 bytes	[12:54 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB973815\update\update.exe	--a---- 755576 bytes	[12:54 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB973869\update\update.exe	--a---- 755576 bytes	[12:54 21/01/2014]	[13:02 08/07/2008] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB973904\update\update.exe	--a---- 755576 bytes	[12:56 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB974112\update\update.exe	--a---- 755576 bytes	[12:55 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB974318\update\update.exe	--a---- 755576 bytes	[12:56 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB974392\update\update.exe	--a---- 755576 bytes	[12:56 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB974571\update\update.exe	--a---- 755576 bytes	[12:55 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB975025\update\update.exe	--a---- 755576 bytes	[12:55 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB975467\update\update.exe	--a---- 755576 bytes	[12:56 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB975560\update\update.exe	--a---- 755576 bytes	[12:57 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB975713\update\update.exe	--a---- 755576 bytes	[12:56 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB977816\update\update.exe	--a---- 755576 bytes	[12:57 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB977914\update\update.exe	--a---- 755576 bytes	[12:57 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB978338\update\update.exe	--a---- 755576 bytes	[12:57 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB978542\update\update.exe	--a---- 755576 bytes	[12:57 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB978706\update\update.exe	--a---- 755576 bytes	[12:57 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB979309\update\update.exe	--a---- 755576 bytes	[12:57 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB979482\update\update.exe	--a---- 755576 bytes	[12:58 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB979687\update\update.exe	--a---- 755576 bytes	[12:59 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB981997\update\update.exe	--a---- 755576 bytes	[12:58 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB982132\update\update.exe	--a---- 755576 bytes	[12:59 21/01/2014]	[11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB982665\update\update.exe	--a---- 755576 bytes	[12:58 21/01/2014]	[14:23 22/02/2010] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\SoftwareDistribution\Download\122ece420ea2cadf18cdf04c90b6d8f1\update\update.exe	--a---- 755576 bytes	[10:41 27/07/2007]	[10:41 27/07/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\SoftwareDistribution\Download\18f6b4c16b6e97c0405341fa27c62ee8\update\update.exe	--a---- 755576 bytes	[23:11 27/07/2007]	[23:11 27/07/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7

-= EOF =-


----------



## Pearguy (May 14, 2011)

Fan and CPU usage have both been in overdrive a lot of the time since last night, pc is painfully slow, unresponsive and jerky; update.exe was always showing in Task Manager. Right now the system is smooth again and update has disappeared. 

I'm having a problem with MBAR. Downloaded to desktop and opened it ok, but double click on mbar.exe brings up message that "Malwarebytes anti-rootkit beta is already running. Do you really want to run another instance of the application?" Then another window opened offering an update. After trying unsuccessfully to run mbar.exe I eventually clicked 'yes' to the update, and - when nothing happened - I then clicked 'yes' to running another instance of the MBAR Beta application. Neither had any apparent effect. Checking the Malwarebytes update window again, I see the message "Failed: Cancelled update". 
The system-log text states that 'protection driver' could not be loaded. There was no mention of DDA driver, nor any option to re-boot.


Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2138550272, free: 795770880

Could not load protection driver
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2138550272, free: 769552384

Could not load protection driver


----------



## kevinf80 (Mar 21, 2006)

The log entries from SystemLook are ok, no malware or infection. The issue with MBAR will be related to Malwarebytes, right click on the tray icon for Malwarebytes and select "exit" that will close down Malwarebytes.

Try MBAR one more time, it should run ok...

Thanks,

Kevin...
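
The check discussed in the posts above (the same file name in many places, judged by where each copy lives and whether its hash matches its siblings) can be done mechanically on a SystemLook `:filefind` log. This is an added example, not part of the original posts and not SystemLook's own code; the expected-location list is an assumption taken from the folders seen in this thread's log, and the last sample line is constructed to show what a flagged entry looks like.

```python
import re
from collections import defaultdict

# One result line of a SystemLook ":filefind" log:
#   <path> <attributes> <size> bytes [<timestamp>] [<timestamp>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# ASSUMPTION: folders where this thread's log shows update.exe living
# (Windows hotfix caches, Program Files, Avira's data folder). Adjust per system.
EXPECTED_PREFIXES = (
    "c:\\windows\\$hf_mig$\\",
    "c:\\windows\\softwaredistribution\\download\\",
    "c:\\program files\\",
    "c:\\documents and settings\\all users\\application data\\avira\\",
)

# Six lines copied from the log in this thread (tabs shown as spaces),
# plus one CONSTRUCTED line (the last) that is not from the poster's machine.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "update.exe"
C:\Documents and Settings\All Users\Application Data\Avira\Antivirus\TEMP\SELFUPDATE\update.exe --a---- 1085448 bytes [15:26 05/07/2015] [15:26 05/07/2015] 6056283F22A59D87D7A3A1486FF8C060
C:\Program Files\Avira\AntiVir Desktop\update.exe --a---- 1085448 bytes [23:11 15/05/2014] [15:26 05/07/2015] 6056283F22A59D87D7A3A1486FF8C060
C:\Program Files\MSN\MSNCoreFiles\update.exe --a---- 77824 bytes [06:40 21/01/2014] [12:00 23/08/2001] 5FDB8BF110E892E20A928B0EA1FC87BB
C:\WINDOWS\$hf_mig$\KB2115168\update\update.exe --a---- 755576 bytes [12:58 21/01/2014] [11:40 26/05/2009] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe --a---- 718048 bytes [12:30 21/01/2014] [03:35 25/02/2005] 3B5EAAEDB8A9D3F98DEBBDB0CFD214D5
C:\WINDOWS\SoftwareDistribution\Download\122ece420ea2cadf18cdf04c90b6d8f1\update\update.exe --a---- 755576 bytes [10:41 27/07/2007] [10:41 27/07/2007] 0FF4E4E0DD01E7872D9C2013560FD4A7
C:\Documents and Settings\exampleuser\Local Settings\Temp\update.exe --a---- 755576 bytes [09:00 01/01/2015] [09:00 01/01/2015] 00000000000000000000000000000000

-= EOF =-
"""


def parse_filefind(log_text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(
                {"path": m["path"], "size": int(m["size"]), "md5": m["md5"].upper()}
            )
    return entries


def triage(entries):
    """Group copies by hash and flag the two things worth a closer look:
    copies outside the expected folders, and files that share a size with
    other copies but not their hash (a possible patched or substituted copy)."""
    by_hash = defaultdict(list)
    hashes_by_size = defaultdict(set)
    unexpected = []
    for e in entries:
        by_hash[e["md5"]].append(e["path"])
        hashes_by_size[e["size"]].add(e["md5"])
        if not e["path"].lower().startswith(EXPECTED_PREFIXES):
            unexpected.append(e)
    size_conflicts = {
        size: sorted(hashes)
        for size, hashes in hashes_by_size.items()
        if len(hashes) > 1
    }
    return {
        "by_hash": dict(by_hash),
        "unexpected": unexpected,
        "size_conflicts": size_conflicts,
    }


if __name__ == "__main__":
    report = triage(parse_filefind(SAMPLE_LOG))
    print("Distinct hashes to look up:")
    for md5, paths in sorted(report["by_hash"].items()):
        print(f"  {md5}  ({len(paths)} copies)")
    print("Copies outside expected folders:")
    for e in report["unexpected"]:
        print(f"  {e['path']}  {e['md5']}")
    print("Same size, different hash:")
    for size, hashes in report["size_conflicts"].items():
        print(f"  {size} bytes -> {', '.join(hashes)}")
```

The distinct-hash list is what gets looked up on a multi-engine scanner; only a handful of lookups are needed even when the log has more than a hundred lines.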


----------



## Pearguy (May 14, 2011)

You're right, MBAR ran this time. System-log beneath MBAR-log
Have to go out now but will check system later and report back to you. Internet access seems ok, maybe I should check after re-booting?

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.07.10.04
rootkit: v2015.07.10.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
simon :: SIMON1 [administrator]

10/07/2015 15:01:05
mbar-log-2015-07-10 (15-01-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 300950
Time elapsed: 52 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2138550272, free: 795770880

Could not load protection driver
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2138550272, free: 769552384

Could not load protection driver
Downloaded database version: v2015.07.10.03
Canceled update
=======================================

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2138550272, free: 580104192

Could not load protection driver
Downloaded database version: v2015.07.10.04
Downloaded database version: v2015.07.10.01
Downloaded database version: v2015.07.01.02
=======================================
Initializing...
------------ Kernel report ------------
07/10/2015 14:58:10
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\b57xp32.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\Aspi32.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\DOCUME~1\simon\LOCALS~1\Temp\awtdypog.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.07.10.04
rootkit: v2015.07.10.01

<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff89bfdab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89b8b900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89bfdab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89a81f18, DeviceName: \Device\0000005b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89ac8940, DeviceName: \Device\Ide\IdeDeviceP3T0L0-19\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89bd7ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89aeb150, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89bd7ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89abc3b8, DeviceName: \Device\0000005a\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89bd2d98, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E226E662

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 126470081
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Other (0x82)
Partition is NOT ACTIVE.
Partition starts at LBA: 126470144 Numsec = 3698688

Partition 2 type is Other (0x83)
Partition is NOT ACTIVE.
Partition starts at LBA: 130168832 Numsec = 29917184

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 81964302336 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BDC0BDB

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 51196257
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0x83)
Partition is NOT ACTIVE.
Partition starts at LBA: 51202048 Numsec = 26920960

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Other (0x1)
Partition is NOT ACTIVE.
Partition starts at LBA: 10704960 Numsec = 15120

Disk Size: 40000000000 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished


----------



## kevinf80 (Mar 21, 2006)

We see yet another clean log, I believe we can close this one out on the malware/infection front for sure...

Let's do a bit of maintenance and see what we find:

Go to Start, then Run and type *cmd* into the Run box and tap <Enter>. After the command box opens, type this at the prompt *chkdsk /r* and tap <Enter>.
Note the space between the *chkdsk* and the */r*. You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot. Type *Y* and then tap <Enter> again. You will get a message that *chkdsk* has been scheduled to run on the next boot. Then reboot.

*chkdsk* will run during the boot, and it will take quite a bit of time, particularly if your boot partition is large. What the */r* flag does is force *chkdsk* to run an expanded version of *chkdsk* that has 5 tests. The last two will check the drive for file/folder/free space errors and also fix related MFT errors if there are any.

To get the results: Go to Start - Run and type in *eventvwr.msc* and hit enter.
When Event Viewer opens, click on *"Application"*, then scroll down to *"Winlogon"* and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.

Next,

Go to the following link: https://support.microsoft.com/en-us/kb/314848 follow those instructions to Defrag your hard drive...

Let me know the status of your system when complete.....

Thanks,

Kevin....


----------



## Pearguy (May 14, 2011)

Seems to be an issue. Double clicking 'Winlogon' brings up the message that "The shell stopped unexpectedly & Explorer.exe was restarted". Clicking either of the up/down arrows brings up the dialogue below:

Event Type:	Information
Event Source:	dbupdate
Event Category:	None
Event ID:	0
Date:	 08/07/2015
Time: 10:19:59
User: N/A
Computer:	SIMON1
Description:
The description for Event ID ( 0 ) in Source ( dbupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.

I'll try again in case I did something wrong but I shan't run the defrag yet in case you need to see these results first.


----------



## Pearguy (May 14, 2011)

I've just noticed, the date and time listed in the above event info are both wrong, unless they relate to something else. 
Also there were literally hundreds of "ERROR" entries in the Applications event list. I've no idea if this is important but I felt I should mention just in case it is.


----------



## Pearguy (May 14, 2011)

Retry scan just finished, this time seemed to work. Log below, will defrag next.
Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 11/07/2015
Time: 14:43:08
User: N/A
Computer:	SIMON1
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 593 unused index entries from index $SII of file 0x9.
Cleaning up 593 unused index entries from index $SDH of file 0x9.
Cleaning up 593 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

25598128 KB total disk space.
15020232 KB in 43831 files.
16692 KB in 5490 indexes.
0 KB in bad sectors.
221596 KB in use by the system.
65536 KB occupied by the log file.
10339608 KB available on disk.

4096 bytes in each allocation unit.
6399532 total allocation units on disk.
2584902 allocation units available on disk.

Windows has finished checking your disk.
Please wait while your computer restarts.


----------



## kevinf80 (Mar 21, 2006)

Let me know current status when Defrag completes....


----------



## Pearguy (May 14, 2011)

Will do. Defrag finished but a bit late to check everything tonight. I'll do it tomorrow and get back to you.
Thanks again for all your help.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update.... I will be away tonight from 10pm GMT until 8 pm GMT Friday 17th July.. I will definitely be offline for that period.....

Cheers,

Kevin...


----------



## Pearguy (May 14, 2011)

I see, thanks for letting me know. I'll check back with you after the 17th.

Good news re no sign of infection so far but pc still not quite right. The fan is blowing like a hovercraft and has done since I accessed the internet (Chrome) 20 minutes+ ago. This time update.exe isn't showing in Task Manager. Ah, the noise is dying down now as I type..
Yes, now that it's quietened everything seems to be running smooth and responsive. Tabs much quicker to load than before defrag. Start-up was quicker too. All much better, except for long delay in reaching this stage after booting. Still getting 15 - 20 mins of noisy and slow.

Possible minor issue with the defrag. "C:drive > properties > tools > defragment now" opened O&O defrag, it must have been set as default. I started it without noticing that it wasn't MS; by the time I realized it the scan was underway so I thought it best to just let it finish. 
However it stalled at 5% complete so I stopped it and ran MS defrag. This time it completed but left a message that 'some files could not be defragmented', but when I checked which ones there was nothing listed. The defrag seems to have improved performance noticeably so I guess the process must have been effective.

Malwarebytes window opened spontaneously again shortly after start-up. It will be unusual if it doesn't happen again before this session ends. Not a terrible issue; worst case I can always uninstall it, but it shouldn't be happening and it would be good to stop it if possible.

Other minor issues I forgot to mention previously are that the system often spontaneously 'wakes up' from hibernation, and can be reluctant to go into standby mode in the first place. And there's a frequent glitch at start-up where I'm left faced with a black screen (immediately after the 'Intel' screen with the 'F Key' options along the bottom disappears). The only way then to get started is to switch off by physically pressing the button and then turning on again. Sometimes takes three or four attempts, but didn't happen today after the defrag. I'll keep notes and update you after 17th.

One question; should I clear history, cache and cookies 'from the beginning of time' as Chrome phrases it? Or only the recent stuff? Or should I leave it as is?

All in all, so far today the system is running much better than previously and once again my sincere thanks for your help. I'll update you on your return.


----------



## Pearguy (May 14, 2011)

Ah, fan just started up again and CPU usage at 100%. System back to painfully slow, jerky and unresponsive, almost unusable. update.exe is listed in Task Manager's applications and this time I'm sure is definitely responsible. Can I somehow delete it?


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, regarding "update.exe" in Taskmanager, it really depends on which service is running that .exe file. If you recall the results from "System Look" for update.exe it was clear to see that the majority were old and outdated system updates.
The only recent entries were related to your security "Avira"



> C:\Documents and Settings\All Users\Application Data\Avira\Antivirus\TEMP\SELFUPDATE\update.exe --a---- 1085448 bytes [15:26 05/07/2015] [15:26 05/07/2015] 6056283F22A59D87D7A3A1486FF8C060
> C:\Program Files\Avira\AntiVir Desktop\update.exe --a---- 1085448 bytes [23:11 15/05/2014] [15:26 05/07/2015] 6056283F22A59D87D7A3A1486FF8C060


I guess the only way to prove if Avira is causing the issue would be to uninstall it and replace with a different AV program, maybe AVG or Avast, I'll leave that choice up to yourself...

To clear temp files, caches etc. is a definite gain point, keeping that crap at bay is a bonus.. maybe it is better to use a file cleaner such as TFC...

Download TFC to your desktop, from either of the following links
http://oldtimer.geekstogo.com/TFC.exe
http://itxassociates.com/OT-Tools/TFC.exe

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC it is an excellent, run weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

The issue with hibernation may improve if we can check and replace any associated system files, as you run XP it would be necessary to have an XP installation CD with SP3, that is required to run "System File Checker".....

Catch up later....

Kevin...


----------



## Pearguy (May 14, 2011)

Ah, I think I understand now. I've been thinking of update.exe as a program in its own right. I may try uninstalling Avira, but I'll certainly download TFC, thanks for the links.

Btw, do you have an opinion on the CCleaner tool? I only ask as I've run it several times in the past whenever my pc has been persistently sluggish and sometimes the results have been remarkable, almost like a new system. Other occasions I haven't noticed much difference.


----------



## kevinf80 (Mar 21, 2006)

Yes CCleaner is ok to use as a temp file cleaner, it also has several other strings to its bow, have a look at the following tutorial by "How-To Geek"

http://www.howtogeek.com/113382/how-to-use-ccleaner-like-a-pro-9-tips-tricks/

If you like CCleaner there is no reason to d/l TFC....

Will catch up later...

Kevin...


----------



## kevinf80 (Mar 21, 2006)

Hello again, what is the current status, any remaining issues or concerns...


----------



## Pearguy (May 14, 2011)

Hi Kevin,
Thanks for checking back.

Booting to safe mode has remained straightforward, and I've uninstalled Malwarebytes so it no longer starts spontaneously.

Otherwise overall performance seems unchanged. Still slow to start, still getting sudden surges in CPU usage and fan noise which last about 15 - 20 minutes, and which cause such drastic unresponsiveness that I don't even try to use the pc at those times. During these episodes Process Explorer shows something called "Interrupts" as hogging CPU usage (occasionally "lsass.exe" shows activity) but I've so far found limited info on the Interrupts process. 

Apart from the above, I have to say that, when it's running smoothly (most of the time now) the system is pretty good. A/v is still stuttery, such as on YouTube or BBC iPlayer, but I'm certain that's not malware related. 
The only dodgy occurrence since our last posts has been another blatant scam email. This one claimed to be from 'HM Customs And Excise' and offered me a link to a tax rebate but needless to say I didn't click it. I assumed this was a coincidence rather than a sign of infection..


----------



## kevinf80 (Mar 21, 2006)

Thanks for the reply, did you uninstall Avira and try a different AV program?

Set your system to run in Clean boot mode, use the following instructions....

Click Start, click Run, type msconfig, and then click OK.

The System Configuration Utility dialog box is displayed.

We now need to configure selective startup options:


1. In the *System Configuration Utility* dialog box, click the *General tab*, and then click *Selective Startup*.
2. Click to clear the *Process SYSTEM.INI File* check box.
3. Click to clear the *Process WIN.INI File* check box.
4. Click to clear the *Load Startup Items check box*. Verify that *Load System Services* and *Use Original BOOT.INI* are checked.
5. Click the Services tab.
6. Click to select the *Hide All Microsoft Services* check box.
7. Click *Disable All*, and then click *OK*. This will disable non-MS services. (Leave security and any wifi entries active)
8. When you are prompted, click Restart to restart the computer.

When you receive the following message, click to select the "Don't show this message or launch the System Configuration Utility when Windows starts" check box, and then click OK.

How does the system perform in "clean boot" mode...


----------



## Pearguy (May 14, 2011)

Haven't uninstalled Avira yet. In the past I've tried AVG and the system slowed to a permanent crawl. Avira was noticeably lighter on usage. I've followed your instructions above so will see how all goes in Clean Boot mode. 

I got the same message as last time about needing to log in as admin, and Avira popped up a box telling me that access to the registry had been blocked, but everything else went just as you described including the message on re-start, which also told me that I'd made changes, so I assume that some action was effectively performed.

On restart there was another message box from Windows security. I'm surprised as I thought support for XP had ceased but apparently Firewall, Auto Updates and Virus Protection are all currently activated. Should I de-activate any of them? I seem to recall something about not running two anti-virus progs at once.

Btw, you probably realized it but in my previous post, when I mentioned jerky A/v, I was referring to Audio/Visual not anti-virus. Sorry if it was misleading. I'll give Clean Boot mode a decent test run and report back later this evening or tomorrow.

Thanks as always


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, I asked about Avira as there was the issue with "Update" causing high CPU readings earlier in the thread. I wanted Avira removed to see if that problem corrected...

The problem with video in YouTube and iPlayer may be down to video card drivers or possibly the video card starting to fail, how old is this PC...

Do you have an XP installation CD with SP3

Thanks,

Kevin


----------



## Pearguy (May 14, 2011)

Now that you mention it, 'Update.exe' hasn't been a nuisance for a few days now. It could be coincidence but the problem seemed to stop after I uninstalled Malwarebytes. Fingers crossed..

CPU usage still frequently goes mad. I tried to type this post earlier but had to give up. The main culprit now, according to Process Manager, is 'Interrupts'. I don't think Interrupts ever showed in Task Manager, and I could never see 'Update' listed in Process Explorer. 

I'm unsure as to the PC's age as I bought it secondhand from an outlet specializing in used office equipment. I've owned it about 2.5 years and a more knowledgeable friend thought it was probably about three or four years old when I got it. I don't have a CD.

The YouTube (etc) issue is noticeably worse with Chrome as opposed to IE. Not sure about Firefox as I try not to use it anymore but I'll check it out.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update. High interrupts mean your CPU is busy attending to some piece of hardware that wants attention. It's completely normal when using the hard drive or network to excess.
We need to know for sure that no background 3rd party services are active and contributing to the CPU issue. When the system is in "Clean Boot" mode let me know if there is any improvement...

Another problem could be failing hardware such as the hard drive, that was the reason I asked how old the PC was.

Thanks,

Kevin...


----------



## Pearguy (May 14, 2011)

PC has been in Clean Boot mode since yesterday and interrupts has been monopolising the CPU on average once an hour or so for between five and ten minutes. It often starts when PC is in power-down, i.e. when I've been away from it for a while, so it doesn't seem to be caused by anything I might be doing at the time. It's happening pretty much the same as before Clean Boot.
Do you think it could be caused by Avira? Do you want me to uninstall to test?


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, I'm sure we are not dealing with any Malware/Infection. The CPU issue and "interrupts" flagging in Taskmanager have many different causes, as the system still has the problem in "clean boot" mode we can discount all 3rd party services.
The interrupt is therefore probably being generated by an Input/Output device (such as a disk controller, network card, USB controller etc.) when it wants some attention from the processor.

Run the following to check event viewer to see if there are possible indications....

Please download VEW by Vino Rosso from HERE and save it to your Desktop.


Double-click VEW.exe. to start, Vista and Windows 7/8 users Right Click and select "Run as Administrator"
Under 'Select log to query...check the boxes for both Application and System.
Under 'Select type to list... select both Error and Critical.
Click the radio button for 'Number of events...Type 15 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.

Please post the Output log in your next reply.

Thanks,

Kevin...


----------



## Pearguy (May 14, 2011)

Morning Kevin

Vino's Event Viewer v01c run on Windows XP in English
Report run at 21/07/2015 08:15:29

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/07/2015 21:55:13
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 

Log: 'Application' Date/Time: 12/07/2015 21:47:47
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application avgnt.exe, version 15.0.11.574, faulting module ccmsg.dll, version 15.0.11.574, fault address 0x0000ca43. 

Log: 'Application' Date/Time: 20/06/2015 13:46:00
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application helper.exe, version 1.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16. 

Log: 'Application' Date/Time: 18/06/2015 23:58:19
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 

Log: 'Application' Date/Time: 18/06/2015 23:57:31
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 

Log: 'Application' Date/Time: 06/05/2015 02:10:57
Type: error Category: 0
Event: 11704 Source: MsiInstaller
Product: Microsoft Security Client -- Error 1704. An installation for Avira is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? 

Log: 'Application' Date/Time: 04/05/2015 20:31:42
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 04/05/2015 20:11:36
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket 939557046. 

Log: 'Application' Date/Time: 04/05/2015 20:11:19
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket 939557046. 

Log: 'Application' Date/Time: 04/05/2015 18:34:08
Type: error Category: 1
Event: 489 Source: ESENT
avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01). 

Log: 'Application' Date/Time: 04/05/2015 18:34:08
Type: error Category: 1
Event: 489 Source: ESENT
avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01). 

Log: 'Application' Date/Time: 04/05/2015 18:34:08
Type: error Category: 1
Event: 489 Source: ESENT
avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01). 

Log: 'Application' Date/Time: 04/05/2015 18:34:08
Type: error Category: 1
Event: 489 Source: ESENT
avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01). 

Log: 'Application' Date/Time: 04/05/2015 18:34:08
Type: error Category: 1
Event: 489 Source: ESENT
avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01). 

Log: 'Application' Date/Time: 04/05/2015 18:34:08
Type: error Category: 1
Event: 489 Source: ESENT
avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01). 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/07/2015 07:54:30
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 

Log: 'System' Date/Time: 21/07/2015 07:43:22
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service. 

Log: 'System' Date/Time: 20/07/2015 22:54:31
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 

Log: 'System' Date/Time: 20/07/2015 22:25:56
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service dbupdate with arguments "/comsvc" in order to run the server: {96D1EED3-701E-4FE5-B996-A543A8465897} 

Log: 'System' Date/Time: 20/07/2015 17:54:09
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 

Log: 'System' Date/Time: 20/07/2015 17:25:15
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service dbupdate with arguments "/comsvc" in order to run the server: {96D1EED3-701E-4FE5-B996-A543A8465897} 

Log: 'System' Date/Time: 20/07/2015 17:24:07
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service. 

Log: 'System' Date/Time: 20/07/2015 06:25:51
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service dbupdate with arguments "/comsvc" in order to run the server: {96D1EED3-701E-4FE5-B996-A543A8465897} 

Log: 'System' Date/Time: 20/07/2015 05:54:52
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 

Log: 'System' Date/Time: 20/07/2015 01:25:03
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service dbupdate with arguments "/comsvc" in order to run the server: {96D1EED3-701E-4FE5-B996-A543A8465897} 

Log: 'System' Date/Time: 20/07/2015 00:54:42
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 

Log: 'System' Date/Time: 19/07/2015 20:25:29
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service dbupdate with arguments "/comsvc" in order to run the server: {96D1EED3-701E-4FE5-B996-A543A8465897} 

Log: 'System' Date/Time: 19/07/2015 19:54:40
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 

Log: 'System' Date/Time: 19/07/2015 11:54:15
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 

Log: 'System' Date/Time: 19/07/2015 11:10:15
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The BITS service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.


----------
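An added example, not part of any post in this thread and not VEW's own code: a Python script that reads a report in the VEW layout shown above, groups repeated errors into one row each, and measures the gap between occurrences, which makes periodic faults such as the DCOM 10005 entries easy to tell apart from one-off crashes. The sample is a handful of entries excerpted from the posted report; the function names are hypothetical, and the one Win32 code it annotates (1058, ERROR_SERVICE_DISABLED) is the standard Windows meaning of that number.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entries excerpted from the VEW report posted above (System log only).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/07/2015 07:54:30
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Log: 'System' Date/Time: 21/07/2015 07:43:22
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.

Log: 'System' Date/Time: 20/07/2015 22:54:31
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Log: 'System' Date/Time: 20/07/2015 22:25:56
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service dbupdate with arguments "/comsvc" in order to run the server: {96D1EED3-701E-4FE5-B996-A543A8465897}

Log: 'System' Date/Time: 20/07/2015 17:54:09
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Log: 'System' Date/Time: 20/07/2015 17:25:15
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service dbupdate with arguments "/comsvc" in order to run the server: {96D1EED3-701E-4FE5-B996-A543A8465897}
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
DCOM = re.compile(r'DCOM got error "%(?P<code>\d+)" attempting to start the service (?P<svc>\S+)')
# Standard Win32 meaning of the code embedded in the DCOM message.
WIN32_HINTS = {1058: "ERROR_SERVICE_DISABLED: the service is disabled, so it cannot be started"}


def parse_vew(text):
    """Return one dict per 'Log:' record; banner lines between sections are ignored."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"log": m["log"], "message": "",
                   "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")}
            events.append(cur)
        elif cur is None:
            continue  # banner or stray text outside a record
        elif not line:
            cur = None  # a blank line ends the record
        elif "event_id" not in cur and (m := EVENT.match(line)):
            cur["event_id"], cur["source"] = int(m["id"]), m["source"]
        elif "event_id" in cur:
            cur["message"] = (cur["message"] + " " + line).strip()
    return [e for e in events if "event_id" in e]  # drop truncated records


def signature(ev):
    """Collapse a record to (stable description, optional hint) for grouping."""
    m = DCOM.search(ev["message"]) if ev["source"] == "DCOM" else None
    if m:
        code = int(m["code"])
        sig = f"DCOM {ev['event_id']}: start of service {m['svc']} failed, Win32 error {code}"
        return sig, WIN32_HINTS.get(code)
    return f"{ev['source']} {ev['event_id']}: {ev['message']}", None


def summarize(events):
    """Group identical faults; report count and seconds between occurrences."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["log"],) + signature(ev)].append(ev["time"])
    rows = []
    for (log, sig, hint), times in groups.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        rows.append({"log": log, "signature": sig, "hint": hint, "count": len(times),
                     "first": times[0], "last": times[-1], "gaps_seconds": gaps})
    return sorted(rows, key=lambda r: (-r["count"], r["signature"]))


if __name__ == "__main__":
    for row in summarize(parse_vew(SAMPLE)):
        print(row["count"], row["signature"], row["gaps_seconds"], row["hint"] or "")
```

Error 1058 on a third-party updater service is what a machine reports after *Disable All* has been applied to non-Microsoft services in clean boot mode, so these rows describe a disabled service being asked to start on a schedule rather than a crash.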



## kevinf80 (Mar 21, 2006)

Thanks for the update, can you uninstall Avira and try another AV program. Maybe Microsoft Security Essentials, it is very light on resources..
Download the installer from here: http://windows.microsoft.com/en-GB/windows/security-essentials-download

Next,

Please download *SystemLook* from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit.

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
comsvc.*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Thanks,

Kevin.....


----------



## Pearguy (May 14, 2011)

Sorry for the delay, partly due to slow system. 
Managed to uninstall Avira. The linked page states that apparently Microsoft Security Essentials is no longer available for XP so in the end I went with Avast which is now - finally! - up and running.
It may take a little while before I have a clear idea if there are any improvements but interrupts seems so far to still be keeping the CPU busy. I'll keep you posted. Below is the SystemLook log.

Thanks again

SystemLook 30.07.11 by jpshortstuff
Log created at 22:35 on 21/07/2015 by simon
Administrator - Elevation successful

========== filefind ==========

Searching for "comsvc.*"
No files found.

-= EOF =-


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, run SystemLook as follows..


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:regfind
comsvc
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Apologies regarding MSE, I should have known as XP is no longer supported that MSE would not be compatible...


----------



## Pearguy (May 14, 2011)

Sorry, not sure what happened with SystemLook; I ran it twice and got the result copied into the previous post. Hopefully this is what you wanted..:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:20 on 22/07/2015 by simon
Administrator - Elevation successful

========== regfind ==========

Searching for "comsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}]
"ServiceParameters"="/comsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{76E258F0-DE86-4CEC-9D30-3F728A898741}]
"ServiceParameters"="/comsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}]
"ServiceParameters"="/comsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{96D1EED3-701E-4FE5-B996-A543A8465897}]
"ServiceParameters"="/comsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A005C11-A5DE-11CF-9E66-00AA00A3F464}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{455ACF57-5345-11D2-99CF-00C04F797BC9}\InProcServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B2E958D-0393-11D1-B1AB-00AA00BA3258}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51372af3-cae7-11cf-be81-00aa00a2fa25}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cb66670-d3d4-11cf-acab-00a024a55aef}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71E38F91-7E88-11CF-9EDE-0080C78B7F89}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74075FD1-AEE9-11D1-8645-0060089F6007}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7999FC25-D3C6-11CF-ACAB-00A024A55AEF}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabaebb-7f19-11d2-978E-0000f8757e2a}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabaebc-7f19-11d2-978E-0000f8757e2a}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabaebd-7f19-11d2-978E-0000f8757e2a}\DefaultIcon]
@="C:\WINDOWS\system32\comsvcs.dll,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabaebd-7f19-11d2-978E-0000f8757e2a}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabaebf-7f19-11d2-978E-0000f8757e2a}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabaec0-7f19-11d2-978E-0000f8757e2a}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafaa-7f19-11d2-978e-0000f8757e2a}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafaa-7f19-11d2-978e-0000f8757e2a}\ProgID]
@="COMSVCS.ActivityUnmarshal.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafaa-7f19-11d2-978e-0000f8757e2a}\VersionIndependentProgID]
@="COMSVCS.ActivityUnmarshal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafab-7f19-11d2-978e-0000f8757e2a}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafab-7f19-11d2-978e-0000f8757e2a}\ProgID]
@="COMSVCS.SecurityEnvoy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafab-7f19-11d2-978e-0000f8757e2a}\VersionIndependentProgID]
@="COMSVCS.SecurityEnvoy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafac-7f19-11d2-978e-0000f8757e2a}\InprocServer32]
@="C:\WINDOWS\system32\comsvcs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafac-7f19-11d2-978e-0000f8757e2a}\ProgID]
@="COMSVCS.TransactionUnmarshal.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafac-7f19-11d2-978e-0000f8757e2a}\VersionIndependentProgID]
@="COMSVCS.TransactionUnmarshal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafad-7f19-11d2-978e-0000f8757e2a}\InprocServer32]

-= EOF =-


----------



## kevinf80 (Mar 21, 2006)

Those look very much like default settings, I'll have to research each CLSID key so may take me a while....

Do you still have the CPU issue with interrupts?


----------



## Pearguy (May 14, 2011)

Yes, unfortunately interrupts is still an issue. I even installed a different browser, Opera, to see if that would make a difference, but it didn't seem any better earlier today. A/v play is also just as bad as it was with Chrome, maybe even a bit worse.


----------



## kevinf80 (Mar 21, 2006)

Go to the following link: http://www.seagate.com/gb/en/suppor...-electronics/ld25-series/seatools-dos-master/

Follow the instructions to create the diagnostic tool that checks the health of your drive.

Go to this link: http://pcsupport.about.com/od/toolsofthetrade/gr/memtest86.htm

Follow the instructions to d/l and create MemTest86 diagnostic tool, use the tool to check out system Memory...


----------



## Pearguy (May 14, 2011)

Hi Kevin
I'm having problems with the Seagate and Memtest instructions and can't find any workaround. 
The first and biggest issue is that I don't have a CD burner to create the Seagate tool and it seems that a flash drive cannot be used instead. 
A flash drive should work with Memtest but I've tried repeatedly to burn it to three different USB sticks without success. Tried everything, including different ports and the 'Rufus' tool.
I can't tell you what exactly is wrong, the message is short and not very specific, just 'Unable to access disk' or words to that effect.


----------



## kevinf80 (Mar 21, 2006)

Is it possible to ask a friend or family member to create the two tools for you?


----------



## Pearguy (May 14, 2011)

Unfortunately not. I've only a small family/social group these days and they're all even more technophobic than myself.
I've tried again to load Memtest to a USB stick but still no dice. 
My own fumbling research has come across articles suggesting that USB hardware, especially in older machines, can cause high Interrupts/CPU usage.
Do you think it's possible that there could be a link between this Memtest USB access issue and the high Interrupts? I've also had problems with 'safely removing' memory sticks, getting the message that 'This device cannot be stopped right now..' 
Interestingly, and perhaps relevant, is the fact that I very recently got a pop-up message telling me that my 'Windows Virtual Memory' was running low and that more would be added but the message disappeared before I could investigate it.
Are there any alternative diagnostic tools that don't need to be burnt to external drives?

Thanks as always for your continued support.


----------



## kevinf80 (Mar 21, 2006)

Run the following:

Please download MiniToolBox from here:

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Transfer to the sick PC, save to the desktop and run it.

Checkmark the following checkboxes:


Flush DNS 
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
List Restore Points

Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

*Note:* When using "Reset FF Proxy Settings" option Firefox should be closed.

Thanks,

Kevin


----------



## Pearguy (May 14, 2011)

Thanks. Here's the log, hope it helps. 
I notice 'Boot Mode: Normal'; does that mean 'Clean Boot' wasn't activated after all?

MiniToolBox by Farbar Version: 01-07-2015
Ran by simon (administrator) on 25-07-2015 at 12:23:34
Running from "C:\Documents and Settings\simon\My Documents"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: HP d330 uT(DZ021T) Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)

# ---------------------------------- 
# Interface IP Configuration 
# ---------------------------------- 
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : simon1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-0F-20-72-59-71

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.72

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

 DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : 25 July 2015 12:05:09

Lease Expires . . . . . . . . . . : 26 July 2015 12:05:09

Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Address: 216.58.208.78

Pinging google.com [216.58.209.238] with 32 bytes of data:

Reply from 216.58.209.238: bytes=32 time=24ms TTL=56

Reply from 216.58.209.238: bytes=32 time=24ms TTL=56

Ping statistics for 216.58.209.238:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 24ms, Average = 24ms

Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 206.190.36.45, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=182ms TTL=46

Reply from 206.190.36.45: bytes=32 time=185ms TTL=46

Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 182ms, Maximum = 185ms, Average = 183ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 20 72 59 71 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.72 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.72 192.168.1.72 20
192.168.1.72 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.72 192.168.1.72 20
224.0.0.0 240.0.0.0 192.168.1.72 192.168.1.72 20
255.255.255.255 255.255.255.255 192.168.1.72 192.168.1.72 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/12/2015 09:55:13 PM) (Source: Application Hang) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/12/2015 09:47:47 PM) (Source: Application Error) (User: )
Description: Faulting application avgnt.exe, version 15.0.11.574, faulting module ccmsg.dll, version 15.0.11.574, fault address 0x0000ca43.
Processing media-specific event for [avgnt.exe!ws!]

Error: (06/20/2015 01:46:00 PM) (Source: Application Error) (User: )
Description: Faulting application helper.exe, version 1.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.
Processing media-specific event for [helper.exe!ws!]

Error: (06/18/2015 11:58:19 PM) (Source: Application Hang) (User: )
Description: Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/18/2015 11:57:31 PM) (Source: Application Hang) (User: )
Description: Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/06/2015 02:10:57 AM) (Source: MsiInstaller) (User: SIMON1)
Description: Product: Microsoft Security Client -- Error 1704. An installation for Avira is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (05/04/2015 08:31:42 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry2152759308unspecifiedscanfile4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (05/04/2015 08:11:36 PM) (Source: Application Error) (User: )
Description: Fault bucket 939557046.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/04/2015 08:11:19 PM) (Source: Application Error) (User: )
Description: Fault bucket 939557046.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/04/2015 06:34:08 PM) (Source: ESENT) (User: )
Description: avguard (1944) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).

System errors:
=============
Error: (07/25/2015 00:06:04 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (07/24/2015 11:54:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/24/2015 11:25:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service dbupdate with arguments "/comsvc"
in order to run the server:
{96D1EED3-701E-4FE5-B996-A543A8465897}

Error: (07/24/2015 06:54:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/24/2015 06:25:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service dbupdate with arguments "/comsvc"
in order to run the server:
{96D1EED3-701E-4FE5-B996-A543A8465897}

Error: (07/24/2015 01:54:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/24/2015 01:25:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service dbupdate with arguments "/comsvc"
in order to run the server:
{96D1EED3-701E-4FE5-B996-A543A8465897}

Error: (07/24/2015 08:54:08 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/24/2015 08:25:52 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service dbupdate with arguments "/comsvc"
in order to run the server:
{96D1EED3-701E-4FE5-B996-A543A8465897}

Error: (07/24/2015 00:25:13 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service dbupdate with arguments "/comsvc"
in order to run the server:
{96D1EED3-701E-4FE5-B996-A543A8465897}

Microsoft Office Sessions:
=========================
Error: (07/12/2015 09:55:13 PM) (Source: Application Hang)(User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (07/12/2015 09:47:47 PM) (Source: Application Error)(User: )
Description: avgnt.exe15.0.11.574ccmsg.dll15.0.11.5740000ca43

Error: (06/20/2015 01:46:00 PM) (Source: Application Error)(User: )
Description: helper.exe1.0.0.0msvcrt.dll7.0.2600.551200032a16

Error: (06/18/2015 11:58:19 PM) (Source: Application Hang)(User: )
Description: hh.exe5.2.3790.2453hungapp0.0.0.000000000

Error: (06/18/2015 11:57:31 PM) (Source: Application Hang)(User: )
Description: hh.exe5.2.3790.2453hungapp0.0.0.000000000

Error: (05/06/2015 02:10:57 AM) (Source: MsiInstaller)(User: SIMON1)
Description: Product: Microsoft Security Client -- Error 1704. An installation for Avira is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (05/04/2015 08:31:42 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (05/04/2015 08:11:36 PM) (Source: Application Error)(User: )
Description: 939557046

Error: (05/04/2015 08:11:19 PM) (Source: Application Error)(User: )
Description: 939557046

Error: (05/04/2015 06:34:08 PM) (Source: ESENT)(User: )
Description: avguard1944C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

=========================== Installed Programs ============================

888poker (HKLM\...\888poker) (Version: - )
Adblock Plus for IE (32-bit) (HKLM\...\{80D9592D-BB3F-42A0-9907-C0C5A26BB43A}) (Version: 1.3 - Eyeo GmbH)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2223 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Dropbox (HKLM\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.27.33 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.4.96.511 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
LibreOffice 4.1 Help Pack (English (United Kingdom)) (HKLM\...\{5286F9E3-8276-4405-89DA-C73398A3C8D4}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
O&O Defrag Free Edition (HKLM\...\{E29CFB36-F070-4612-8DB5-7038161B6294}) (Version: 14.1.431 - O&O Software GmbH)
Opera Stable 30.0.1835.125 (HKLM\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
RealDownloader (HKLM\...\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}) (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version: - )
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wise JetSearch 1.48 (HKLM\...\Wise JetSearch_is1) (Version: 1.48 - WiseCleaner.com, Inc.)

========================= Devices: ================================

Name: ACPI Multiprocessor PC
Description: ACPI Multiprocessor PC
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0

Name: PCI bus
Description: PCI bus
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A03\2&DABA3FF&0

Name: Intel(R) 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Description: Intel(R) 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: 
Device ID: PCI\VEN_8086&DEV_2570&SUBSYS_00000000&REV_02\3&61AAA01&0&00

Name: Intel(R) 82865G Graphics Controller
Description: Intel(R) 82865G Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_12BC103C&REV_02\3&61AAA01&0&10

Name: Plug and Play Monitor
Description: Plug and Play Monitor
Class Guid: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard monitor types)
Service: 
Device ID: DISPLAY\DELA023\4&2D02E9FD&0&80861100&00&02

Name: Standard Universal PCI to USB Host Controller
Description: Standard Universal PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_24D2&SUBSYS_12BC103C&REV_02\3&61AAA01&0&E8

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1C187CF9&0

Name: Standard Universal PCI to USB Host Controller
Description: Standard Universal PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_24D4&SUBSYS_12BC103C&REV_02\3&61AAA01&0&E9

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&23850E3A&0

Name: Standard Universal PCI to USB Host Controller
Description: Standard Universal PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_24D7&SUBSYS_12BC103C&REV_02\3&61AAA01&0&EA

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&34F0EBEB&0

Name: Intel(R) 82801EB USB2 Enhanced Host Controller - 24DD
Description: Intel(R) 82801EB USB2 Enhanced Host Controller - 24DD
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_12BC103C&REV_02\3&61AAA01&0&EF

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&1492509&0

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Device ID: USB\VID_26BD&PID_9917\07082B210D944537

Name: USB DISK 2.0 USB Device
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: USBSTOR\DISK&VEN_&PROD_USB_DISK_2.0&REV_PMAP\07082B210D944537&0

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\REMOVABLEMEDIA\7&27C7E46C&0&RM

Name: Intel(R) 82801BA/CA PCI Bridge - 244E
Description: Intel(R) 82801BA/CA PCI Bridge - 244E
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pci
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_C2\3&61AAA01&0&F0

Name: Broadcom NetXtreme Gigabit Ethernet
Description: Broadcom NetXtreme Gigabit Ethernet
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Device ID: PCI\VEN_14E4&DEV_1696&SUBSYS_12BC103C&REV_03\4&3A321F38&0&10F0

Name: Intel(R) 82801EB LPC Interface Controller - 24D0
Description: Intel(R) 82801EB LPC Interface Controller - 24D0
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: isapnp
Device ID: PCI\VEN_8086&DEV_24D0&SUBSYS_00000000&REV_02\3&61AAA01&0&F8

Name: ISAPNP Read Data Port
Description: ISAPNP Read Data Port
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ISAPNP\READDATAPORT\0

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0C04\4&369939D9&0

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0000\4&369939D9&0

Name: System timer
Description: System timer
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0100\4&369939D9&0

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0200\4&369939D9&0

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0B00\4&369939D9&0

Name: System speaker
Description: System speaker
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0800\4&369939D9&0

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Device ID: ACPI\PNP0F13\4&369939D9&0

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Device ID: ACPI\PNP0303\4&369939D9&0

Name: ECP Printer Port (LPT1)
Description: ECP Printer Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Parport
Device ID: ACPI\PNP0401\4&369939D9&0

Name: Printer Port Logical Interface
Description: Printer Port Logical Interface
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: LPTENUM\MICROSOFTRAWPORT\5&26D1CFF5&0&LPT1

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial
Device ID: ACPI\PNP0501\1

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Device ID: ACPI\PNP0700\4&369939D9&0

Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4D36E980-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&A47DC5B&0&0

Name: Advanced programmable interrupt controller
Description: Advanced programmable interrupt controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0003\1

Name: Standard Dual Channel PCI IDE Controller
Description: Standard Dual Channel PCI IDE Controller
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: pciide
Device ID: PCI\VEN_8086&DEV_24DB&SUBSYS_12BC103C&REV_02\3&61AAA01&0&F9

Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\4&25BA53AB&0&0

Name: TSSTcorp DVD-ROM TS-H352C
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H352C_______________DE02____\5&31036641&0&0.0.0

Name: Maxtor 6Y080L0
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: IDE\DISKMAXTOR_6Y080L0__________________________YAR41BW0\3259324238304356202020202020202020202020

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\4&25BA53AB&0&1

Name: Standard Dual Channel PCI IDE Controller
Description: Standard Dual Channel PCI IDE Controller
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: pciide
Device ID: PCI\VEN_8086&DEV_24D1&SUBSYS_12BC103C&REV_02\3&61AAA01&0&FA

Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\4&31A79E60&0&0

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\4&31A79E60&0&1

Name: ST340014AS
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: IDE\DISKST340014AS______________________________8.12____\5&1DEC0F19&0&0.0.0

Name: SoundMAX Integrated Digital Audio
Description: SoundMAX Integrated Digital Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Analog Devices, Inc.
Service: smwdm
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_12BC103C&REV_02\3&61AAA01&0&FD

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0C02\1

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0C02\2

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&0

Name: Intel(R) Pentium(R) 4 CPU 2.80GHz
Description: Intel Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Intel
Service: intelppm
Device ID: ACPI\GENUINEINTEL_-_X86_FAMILY_15_MODEL_2\_0

Name: System board
Description: System board
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0C01\2&DABA3FF&0

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0C0C\2&DABA3FF&0

Name: Logical Disk Manager
Description: Logical Disk Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: dmio
Device ID: ROOT\DMIO\0000

Name: Volume Manager
Description: Volume Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: ftdisk
Device ID: ROOT\FTDISK\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUME\1&30A96598&0&SIGNATUREE226E662OFFSET7E00LENGTHF138F8200

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUME\1&30A96598&0&SIGNATUREE226E662OFFSETF13900000LENGTH70E00000

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUME\1&30A96598&0&SIGNATUREE226E662OFFSETF84700000LENGTH391000000

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUME\1&30A96598&0&SIGNATUREBDC0BDBOFFSET7E00LENGTH61A62C200

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUME\1&30A96598&0&SIGNATUREBDC0BDBOFFSET61A900000LENGTH335900000

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUME\1&30A96598&0&SIGNATUREBDC0BDBOFFSET146B08000LENGTH762000

Name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AFD
Device ID: ROOT\LEGACY_AFD\0000

Name: Aspi32
Description: Aspi32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Aspi32
Device ID: ROOT\LEGACY_ASPI32\0000

Name: avkmgr
Description: avkmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avkmgr
Device ID: ROOT\LEGACY_AVKMGR\0000

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Beep
Device ID: ROOT\LEGACY_BEEP\0000

Name: catchme
Description: catchme
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: catchme
Device ID: ROOT\LEGACY_CATCHME\0000

Name: dmboot
Description: dmboot
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: dmboot
Device ID: ROOT\LEGACY_DMBOOT\0000

Name: dmload
Description: dmload
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: dmload
Device ID: ROOT\LEGACY_DMLOAD\0000

Name: Fips
Description: Fips
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Fips
Device ID: ROOT\LEGACY_FIPS\0000

Name: Generic Packet Classifier
Description: Generic Packet Classifier
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Gpc
Device ID: ROOT\LEGACY_GPC\0000

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
Device ID: ROOT\LEGACY_HTTP\0000

Name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: IpFilterDriver
Device ID: ROOT\LEGACY_IPFILTERDRIVER\0000

Name: IP Network Address Translator
Description: IP Network Address Translator
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: IpNat
Device ID: ROOT\LEGACY_IPNAT\0000

Name: IPSEC driver
Description: IPSEC driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: IPSec
Device ID: ROOT\LEGACY_IPSEC\0000

Name: ksecdd
Description: ksecdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ksecdd
Device ID: ROOT\LEGACY_KSECDD\0000

Name: mnmdd
Description: mnmdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mnmdd
Device ID: ROOT\LEGACY_MNMDD\0000

Name: mountmgr
Description: mountmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mountmgr
Device ID: ROOT\LEGACY_MOUNTMGR\0000

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NDIS
Device ID: ROOT\LEGACY_NDIS\0000

Name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NdisTapi
Device ID: ROOT\LEGACY_NDISTAPI\0000

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Ndisuio
Device ID: ROOT\LEGACY_NDISUIO\0000

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NDProxy
Device ID: ROOT\LEGACY_NDPROXY\0000

Name: NetBios over Tcpip
Description: NetBios over Tcpip
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NetBT
Device ID: ROOT\LEGACY_NETBT\0000

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Null
Device ID: ROOT\LEGACY_NULL\0000

Name: PartMgr
Description: PartMgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: PartMgr
Device ID: ROOT\LEGACY_PARTMGR\0000

Name: ParVdm
Description: ParVdm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ParVdm
Device ID: ROOT\LEGACY_PARVDM\0000

Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RasAcd
Device ID: ROOT\LEGACY_RASACD\0000

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPCDD
Device ID: ROOT\LEGACY_RDPCDD\0000

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Tcpip
Device ID: ROOT\LEGACY_TCPIP\0000

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VgaSave
Device ID: ROOT\LEGACY_VGASAVE\0000

Name: VolSnap
Description: VolSnap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VolSnap
Device ID: ROOT\LEGACY_VOLSNAP\0000

Name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Wanarp
Device ID: ROOT\LEGACY_WANARP\0000

Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Description: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: WS2IFSL
Device ID: ROOT\LEGACY_WS2IFSL\0000

Name: Audio Codecs
Description: Audio Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Device ID: ROOT\MEDIA\MS_MMACM

Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Device ID: ROOT\MEDIA\MS_MMDRV

Name: Media Control Devices
Description: Media Control Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Device ID: ROOT\MEDIA\MS_MMMCI

Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Device ID: ROOT\MEDIA\MS_MMVCD

Name: Video Codecs
Description: Video Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Device ID: ROOT\MEDIA\MS_MMVID

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Rasl2tp
Device ID: ROOT\MS_L2TPMINIPORT\0000

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANIP\0000

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: RasPppoe
Device ID: ROOT\MS_PPPOEMINIPORT\0000

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PptpMiniport
Device ID: ROOT\MS_PPTPMINIPORT\0000

Name: WAN Miniport (IP) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched
Device ID: ROOT\MS_PSCHEDMP\0000

Name: Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched
Device ID: ROOT\MS_PSCHEDMP\0001

Name: Direct Parallel
Description: Direct Parallel
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Raspti
Device ID: ROOT\MS_PTIMINIPORT\0000

Name: Terminal Server Device Redirector
Description: Terminal Server Device Redirector
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: rdpdr
Device ID: ROOT\RDPDR\0000

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD
Device ID: ROOT\RDP_KBD\0000

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD
Device ID: ROOT\RDP_MOU\0000

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000

Name: Microsoft WINMM WDM Audio Compatibility Driver
Description: Microsoft WINMM WDM Audio Compatibility Driver
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: wdmaud
Device ID: SW\{CD171DE3-69E5-11D2-B56D-0000F8754380}\{9B365890-165F-11D0-A195-0020AFD156E4}

Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: sysaudio
Device ID: SW\{A7C7A5B0-5AF3-11D1-9CED-00A024BF0407}\{9B365890-165F-11D0-A195-0020AFD156E4}

Name: Microcode Update Device
Description: Microcode Update Device
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: update
Device ID: ROOT\SYSTEM\0001

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\SYSTEM\0002

Name: avast! HardwareID
Description: avast! HardwareID
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswHwid
Device ID: ROOT\LEGACY_ASWHWID\0000

Name: aswRdr
Description: aswRdr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRdr
Device ID: ROOT\LEGACY_ASWRDR\0000

Name: Avast StreamFilter Driver
Description: Avast StreamFilter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswStmXP
Device ID: ROOT\LEGACY_ASWSTMXP\0000

Name: aswTdi
Description: aswTdi
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswTdi
Device ID: ROOT\LEGACY_ASWTDI\0000

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Device ID: ROOT\LEGACY_ASWVMM\0000

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Wdf01000
Device ID: ROOT\LEGACY_WDF01000\0000

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 2039.48 MB
Available physical RAM: 614.54 MB
Total Virtual: 5227.76 MB
Available Virtual: 2266.73 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:24.41 GB) (Free:7.63 GB) NTFS
3 Drive d: () (Fixed) (Total:60.31 GB) (Free:45.68 GB) NTFS
6 Drive g: (USB2) (Removable) (Total:28.88 GB) (Free:23.99 GB) FAT32

========================= Users: ========================================

User accounts for \\SIMON1

Administrator Guest HelpAssistant 
simon SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

21-07-2015 21:15:20 avast! antivirus system restore point
21-07-2015 21:20:48 Installed Windows XP Wdf01009.
22-07-2015 23:41:38 System Checkpoint
24-07-2015 08:20:24 System Checkpoint

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

I notice that you have Windows Repair by Tweaking.com installed. Can you open that tool and do the following:

Select *Tab 5* and Create *System Restore Point*



Select *Repairs tab* => Click the *Open repairs* tab



The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...



DON'T use the computer while each scan is in progress.

Post the log. To access it, select the "settings" tab > "open log folder" tab; the log will be named *_Windows_Repair_Log*



Let me see that log. Do we see any improvement?

Cheers,

Kevin


----------



## Pearguy (May 14, 2011)

Hm.. This PC isn't making things easy. 
Trying to run the installed Windows Repair program produced the message "TweakingFormControls.ocx or one of its dependencies is not currently registered; a file is missing or invalid".
Attempting to download afresh (from Major Geeks) brings up another warning about "Sharing Violation" and the program will not then properly download. The Repair Windows desk icon will open with a right-click but no program will run. 
Currently there are now two 'Tweaking.com' entries on the task bar which I'm unable to close; neither will respond to left or right clicks.
I'll try downloading from a different site. If that doesn't work then I'll attempt to uninstall all current signs of Tweaking or Windows Repair and try re-installing from scratch.


----------



## Pearguy (May 14, 2011)

Ok, I finally managed to download Windows Repair to a USB stick and ran it from there. Re-booted to 'Safe Mode with networking' as the program instructed and it seemed to run properly.

Since the system auto-restarted it has, so far, been as bad or worse than ever. Almost totally frozen for about fifteen minutes and, although now responding (interrupts is hovering around 10 - 15% which is comparatively low) the fan still sounds like a hovercraft. 
That's a new development since running Windows Repair, i.e. noisy fan but with no apparent cause. CPU usage is also only about 10 - 15% whereas before, when the fan was this noisy, it would always be up around 90 - 100%.

Tweaking.com - Windows Repair v3.2.5
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: SIMON1
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Current Profile: C:\Documents and Settings\simon
Current Profile SID: S-1-5-21-1844237615-1004336348-682003330-1003
Current Profile Classes: S-1-5-21-1844237615-1004336348-682003330-1003_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\simon\Local Settings\Application Data
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:06:13

Process Count: 16
Commit Total: 95.17 MB
Commit Limit: 3.84 GB
Commit Peak: 111.25 MB
Handle Count: 3273
Kernel Total: 21.34 MB
Kernel Paged: 16.64 MB
Kernel Non Paged: 4.70 MB
System Cache: 240.54 MB
Thread Count: 211
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.99 GB
Memory Used: 275.46 MB(13.5066%)
Memory Avail.: 1.72 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.99 GB
Memory Used: 219.40 MB(10.7578%)
Memory Avail.: 1.78 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (7/26/2015 15:22:46)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 66

01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (7/26/2015 15:22:51)

Running Repair Under Current User Account
Done (7/26/2015 15:23:01)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (7/26/2015 15:23:01)

Running Repair Under System Account
Done (7/26/2015 15:25:06)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (7/26/2015 15:25:07)

Running Repair Under System Account
Done (7/26/2015 15:26:14)

03 - Reset Service Permissions
Start (7/26/2015 15:26:14)

Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:26:46)

04 - Register System Files
Start (7/26/2015 15:26:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:33:01)

05 - Repair WMI
Start (7/26/2015 15:33:01)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
avast! Antivirus Exported.

Exporting 3rd Party Firewall Info...
No 3rd Party Firewall Products Reported.

Running Repair Under Current User Account
Done (7/26/2015 15:36:43)

06 - Repair Windows Firewall
Start (7/26/2015 15:36:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:36:58)

07 - Repair Internet Explorer
Start (7/26/2015 15:36:58)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:40:24)

08 - Repair MDAC/MS Jet
Start (7/26/2015 15:40:24)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:40:37)

09 - Repair Hosts File
Start (7/26/2015 15:40:37)
Running Repair Under System Account
Done (7/26/2015 15:40:39)

10 - Remove Policies Set By Infections
Start (7/26/2015 15:40:40)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:40:47)

12 - Repair Icons
Start (7/26/2015 15:40:47)
Running Repair Under Current User Account
Done (7/26/2015 15:40:51)

13 - Repair Network
Start (7/26/2015 15:40:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:41:07)

15 - Repair Proxy Settings
Start (7/26/2015 15:41:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:41:09)

17 - Repair Windows Updates
Start (7/26/2015 15:41:10)
Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (7/26/2015 15:41:55)

18 - Repair CD/DVD Missing/Not Working
Start (7/26/2015 15:41:55)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (7/26/2015 15:41:56)

19 - Repair Volume Shadow Copy Service
Start (7/26/2015 15:41:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:42:26)

21 - Repair MSI (Windows Installer)
Start (7/26/2015 15:42:26)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:42:46)

23.01 - Repair bat Association
Start (7/26/2015 15:42:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:42:48)

23.02 - Repair cmd Association
Start (7/26/2015 15:42:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:42:51)

23.03 - Repair com Association
Start (7/26/2015 15:42:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:42:53)

23.04 - Repair Directory Association
Start (7/26/2015 15:42:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:42:55)

23.05 - Repair Drive Association
Start (7/26/2015 15:42:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:42:59)

23.06 - Repair exe Association
Start (7/26/2015 15:42:59)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:01)

23.07 - Repair Folder Association
Start (7/26/2015 15:43:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:03)

23.08 - Repair inf Association
Start (7/26/2015 15:43:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:06)

23.09 - Repair lnk (Shortcuts) Association
Start (7/26/2015 15:43:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:09)

23.10 - Repair msc Association
Start (7/26/2015 15:43:09)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:11)

23.11 - Repair reg Association
Start (7/26/2015 15:43:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:13)

23.12 - Repair scr Association
Start (7/26/2015 15:43:14)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:16)

24 - Repair Windows Safe Mode
Start (7/26/2015 15:43:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:18)

25 - Repair Print Spooler
Start (7/26/2015 15:43:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:28)

26 - Restore Important Windows Services
Start (7/26/2015 15:43:28)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:39)

27 - Set Windows Services To Default Startup
Start (7/26/2015 15:43:40)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:43:58)

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 5.1

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 5.1

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 5.1

31 - Repair Windows 'New' Submenu
Start (7/26/2015 15:43:59)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/26/2015 15:44:01)

33 - Repair Performance Counters
Start (7/26/2015 15:44:01)
Running Repair Under Current User Account
Done (7/26/2015 15:44:02)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (7/26/2015 15:44:03)
Total Repair Time: 00:21:21


...YOU MUST RESTART YOUR SYSTEM...


----------



## kevinf80 (Mar 21, 2006)

If the CPU reading is not excessive yet the fan runs like a hovercraft, maybe there are temperature problems.

Download and install Speccy from here: http://www.piriform.com/speccy

Run Speccy, wait until it has finished analysing, then select > File > Save as text file. Save to your desktop or a folder of your choice. Open the text file and have a look under "Summary": are the temps excessive?

Attach the file to your reply, and be sure to remove the serial number under "Operating System"; that is your licence key...


----------



## Pearguy (May 14, 2011)

It's odd. System was a bit sluggish waking up from hibernation this evening but not enough to be a concern. Performance isn't stellar but it's not bad, certainly nowhere near as bad as when Interrupts hogs the CPU usage, yet the fan is still relentless.
Interrupts is currently negligible and CPU is averaging about 20%, although it's jumping around a bit. This is higher than when the system was running smoothly before Windows Repair, though nothing like as high as it was when Interrupts was being a nuisance. Yet the fan hasn't let up since I restarted an hour ago, and there's nothing showing in Process Explorer to suggest a cause.
Speccy's reported temps are 23 °C and 27 °C; is that excessive? The fan has only been constantly loud since running Windows Repair; it seems as though that altered something.
Speccy results below:

Summary
Operating System
Windows XP Professional 32-bit SP3
CPU
Intel Pentium 4
Northwood 0.13um Technology
RAM
2.00GB Single-Channel DDR @ 199MHz (3-3-3-8)
Motherboard
Hewlett-Packard 085Ch (XU1 PROCESSOR)	71 °C
Graphics
DELL E177FP ([email protected])
Intel 82865G Graphics Controller (HP)
Storage
76GB Maxtor 6Y080L0 (ATA)	23 °C
37GB Seagate ST340014AS (SATA)	27 °C
Optical Drives
TSSTcorp DVD-ROM TS-H352C
Audio
SoundMAX Integrated Digital Audio
Operating System
Windows XP Professional 32-bit SP3
Computer type: Tower
Installation Date: 1/21/2014 06:45:34
Serial Number: 
Windows Security Center
Firewall	Enabled
Windows Update
AutoUpdate	Not configured
Antivirus
Antivirus	Enabled
Company Name	AVAST Software
Display Name	avast! Antivirus
Product Version	10.3.2223
Virus Signature Database	Up to date
.NET Frameworks installed
v4.0 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
Internet Explorer
Version	8.0.6001.18702
PowerShell
Version	1.0
Environment Variables
USERPROFILE	C:\Documents and Settings\simon
SystemRoot	C:\WINDOWS
User Variables
MOZ_PLUGIN_PATH	C:\Program Files\Foxit Software\Foxit Reader\plugins\
TEMP	C:\Documents and Settings\simon\Local Settings\Temp
TMP	C:\Documents and Settings\simon\Local Settings\Temp
Machine Variables
ComSpec	C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK	NO
NUMBER_OF_PROCESSORS	1
OS	Windows_NT
Path	C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\wbem
C:\WINDOWS\system32\WindowsPowerShell\v1.0
PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE	x86
PROCESSOR_IDENTIFIER	x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL	15
PROCESSOR_REVISION	0209
TEMP	C:\WINDOWS\TEMP
TMP	C:\WINDOWS\TEMP
windir	C:\WINDOWS
Power Profile
Active power scheme	Home/Office Desk
Hibernation	Disabled
Turn Off Monitor after: (On AC Power)	15 min
Turn Off Hard Disk after: (On AC Power)	Never
Suspend after: (On AC Power)	60 min
Screen saver	Enabled
Uptime
Current Session
Current Time	7/27/2015 00:02:19
Current Uptime	26,777 sec (0 d, 07 h, 26 m, 17 s)
Last Boot Time	7/26/2015 16:36:02
Services
Running	Application Layer Gateway Service
Running	Automatic Updates
Running	Avast Antivirus
Running	Background Intelligent Transfer Service
Running	COM+ Event System
Running	Computer Browser
Running	Cryptographic Services
Running	DCOM Server Process Launcher
Running	DHCP Client
Running	Distributed Link Tracking Client
Running	DNS Client
Running	Error Reporting Service
Running	Event Log
Running	Fast User Switching Compatibility
Running	Help and Support
Running	HTTP SSL
Running	IPSEC Services
Running	Logical Disk Manager
Running	Network Connections
Running	Network Location Awareness (NLA)
Running	Plug and Play
Running	Print Spooler
Running	Protected Storage
Running	Remote Access Connection Manager
Running	Remote Procedure Call (RPC)
Running	Remote Registry
Running	Secondary Logon
Running	Security Accounts Manager
Running	Security Center
Running	Server
Running	Shell Hardware Detection
Running	SSDP Discovery Service
Running	System Event Notification
Running	System Restore Service
Running	Task Scheduler
Running	TCP/IP NetBIOS Helper
Running	Telephony
Running	Terminal Services
Running	Themes
Running	WebClient
Running	Windows Audio
Running	Windows Firewall/Internet Connection Sharing (ICS)
Running	Windows Image Acquisition (WIA)
Running	Windows Management Instrumentation
Running	Windows Time
Running	Wireless Zero Configuration
Running	Workstation
Stopped	.NET Runtime Optimization Service v2.0.50727_X86
Stopped	Adobe Flash Player Update Service
Stopped	Alerter
Stopped	Application Management
Stopped	ASP.NET State Service
Stopped	ClipBook
Stopped	COM+ System Application
Stopped	Distributed Transaction Coordinator
Stopped	Dropbox Update Service (dbupdate)
Stopped	Dropbox Update Service (dbupdatem)
Stopped	Extensible Authentication Protocol Service
Stopped	Foxit Cloud Safe Update Service
Stopped	Google Update Service (gupdate)
Stopped	Google Update Service (gupdatem)
Stopped	Health Key and Certificate Management Service
Stopped	Human Interface Device Access
Stopped	IMAPI CD-Burning COM Service
Stopped	Indexing Service
Stopped	Logical Disk Manager Administrative Service
Stopped	Messenger
Stopped	Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped	Mozilla Maintenance Service
Stopped	MS Software Shadow Copy Provider
Stopped	Net Logon
Stopped	Net.Tcp Port Sharing Service
Stopped	NetMeeting Remote Desktop Sharing
Stopped	Network Access Protection Agent
Stopped	Network DDE
Stopped	Network DDE DSDM
Stopped	Network Provisioning Service
Stopped	NT LM Security Support Provider
Stopped	O&O Defrag Agent
Stopped	Performance Logs and Alerts
Stopped	Portable Media Serial Number Service
Stopped	QoS RSVP
Stopped	RealNetworks Downloader Resolver Service
Stopped	Remote Access Auto Connection Manager
Stopped	Remote Desktop Help Session Manager
Stopped	Remote Procedure Call (RPC) Locator
Stopped	Removable Storage
Stopped	Routing and Remote Access
Stopped	Smart Card
Stopped	Telnet
Stopped	Uninterruptible Power Supply
Stopped	Universal Plug and Play Device Host
Stopped	Volume Shadow Copy
Stopped	Windows CardSpace
Stopped	Windows Driver Foundation - User-mode Driver Framework
Stopped	Windows Installer
Stopped	Windows Management Instrumentation Driver Extensions
Stopped	Windows Presentation Foundation Font Cache 3.0.0.0
Stopped	Windows Presentation Foundation Font Cache 4.0.0.0
Stopped	Wired AutoConfig
Stopped	WMI Performance Adapter
TimeZone
TimeZone	GMT
Language	English (United States)
Location	United Kingdom
Format	English (United Kingdom)
Currency	£
Date Format	M/d/yyyy
Time Format	HH:mm:ss
Scheduler
7/27/2015 00:25;Every 1 hour(s) from 09:25 for 24 hour(s) every day, starting 7/18/2015	DropboxUpdateTaskMachineUA
7/27/2015 00:46;Every 1 hour(s) from 00:46 for 24 hour(s) every day, starting 1/1/2000	Adobe Flash Player Updater
7/27/2015 00:54;Every 1 hour(s) from 02:54 for 24 hour(s) every day, starting 7/16/2015	GoogleUpdateTaskMachineUA
7/27/2015 02:54;Run at user logon	GoogleUpdateTaskMachineCore
7/27/2015 08:27;At 08:27 every day, starting 7/22/2015	Opera scheduled Autoupdate 1437549974
7/27/2015 09:25;Run at user logon	DropboxUpdateTaskMachineCore
7/27/2015 10:19;Every 12 hour(s) from 10:19 for 24 hour(s) every day, starting 7/22/2015	avast! Emergency Update
8/2/2015 15:47;At 15:47 every 7 days, starting 7/26/2015	RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003
8/2/2015 16:38;At 16:38 every 7 days, starting 7/26/2015	RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003
8/2/2015 22:07;At 22:07 every 10 days, starting 2/13/2015	RealDownloaderDownloaderScheduledTaskS-1-5-21-1844237615-1004336348-682003330-1003
8/8/2015 15:00;At 15:00 on day 8 of every month, starting 3/8/2014	Microsoft Windows XP End of Service Notification Monthly
Run at user logon	Microsoft Windows XP End of Service Notification Logon
Run at user logon	RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003
Run at user logon	RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-1004336348-682003330-1003
System Folders
Application Data	C:\Documents and Settings\All Users\Application Data
Cookies	C:\Documents and Settings\simon\Cookies
Desktop	C:\Documents and Settings\simon\Desktop
Documents	C:\Documents and Settings\All Users\Documents
Fonts	C:\WINDOWS\Fonts
Global Favorites	C:\Documents and Settings\All Users\Favorites
Internet History	C:\Documents and Settings\simon\Local Settings\History
Local Application Data	C:\Documents and Settings\simon\Local Settings\Application Data
Music	C:\Documents and Settings\All Users\Documents\My Music
Path for burning CD	C:\Documents and Settings\simon\Local Settings\Application Data\Microsoft\CD Burning
Physical Desktop	C:\Documents and Settings\simon\Desktop
Pictures	C:\Documents and Settings\All Users\Documents\My Pictures
Program Files	C:\Program Files
Public Desktop	C:\Documents and Settings\All Users\Desktop
Start Menu	C:\Documents and Settings\All Users\Start Menu
Start Menu Programs	C:\Documents and Settings\All Users\Start Menu\Programs
Startup	C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Templates	C:\Documents and Settings\All Users\Templates
Temporary Internet Files	C:\Documents and Settings\simon\Local Settings\Temporary Internet Files
User Favorites	C:\Documents and Settings\simon\Favorites
Videos	C:\Documents and Settings\All Users\Documents\My Videos
Windows Directory	C:\WINDOWS
Windows/System	C:\WINDOWS\system32
Process List
AdblockPlusEngine.exe
Process ID	2708
User	simon
Domain	SIMON1
Path	C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
Memory Usage	5.18 MB
Peak Memory Usage	5.18 MB
alg.exe
Process ID	1048
Path	C:\WINDOWS\System32\alg.exe
Memory Usage	464 KB
Peak Memory Usage	3.47 MB
AvastSvc.exe
Process ID	1144
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Memory Usage	49 MB
Peak Memory Usage	149 MB
AvastUI.exe
Process ID	1772
User	simon
Domain	SIMON1
Path	C:\Program Files\AVAST Software\Avast\AvastUI.exe
Memory Usage	7.11 MB
Peak Memory Usage	29 MB
csrss.exe
Process ID	472
User	SYSTEM
Domain	NT AUTHORITY
Path	\??\C:\WINDOWS\system32\csrss.exe
Memory Usage	4.00 MB
Peak Memory Usage	6.39 MB
ctfmon.exe
Process ID	1860
User	simon
Domain	SIMON1
Path	C:\WINDOWS\system32\ctfmon.exe
Memory Usage	1.61 MB
Peak Memory Usage	3.43 MB
Dropbox.exe
Process ID	1832
User	simon
Domain	SIMON1
Path	C:\Program Files\Dropbox\Client\Dropbox.exe
Memory Usage	23 MB
Peak Memory Usage	106 MB
explorer.exe
Process ID	1344
User	simon
Domain	SIMON1
Path	C:\WINDOWS\Explorer.EXE
Memory Usage	1.29 MB
Peak Memory Usage	19 MB
iexplore.exe
Process ID	3768
User	simon
Domain	SIMON1
Path	C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage	18 MB
Peak Memory Usage	18 MB
iexplore.exe
Process ID	640
User	simon
Domain	SIMON1
Path	C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage	15 MB
Peak Memory Usage	15 MB
lsass.exe
Process ID	552
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\system32\lsass.exe
Memory Usage	3.08 MB
Peak Memory Usage	8.30 MB
oodtray.exe
Process ID	1744
User	simon
Domain	SIMON1
Path	C:\Program Files\OO Software\Defrag\oodtray.exe
Memory Usage	2.28 MB
Peak Memory Usage	5.28 MB
opera.exe
Process ID	2432
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	10 MB
Peak Memory Usage	74 MB
opera.exe
Process ID	2428
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	25 MB
Peak Memory Usage	96 MB
opera.exe
Process ID	396
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	30 MB
Peak Memory Usage	113 MB
opera.exe
Process ID	2584
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	46 MB
Peak Memory Usage	110 MB
opera.exe
Process ID	1068
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	79 MB
Peak Memory Usage	122 MB
opera.exe
Process ID	1588
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	25 MB
Peak Memory Usage	100 MB
opera.exe
Process ID	2492
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	91 MB
Peak Memory Usage	94 MB
opera.exe
Process ID	2636
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	30 MB
Peak Memory Usage	103 MB
opera.exe
Process ID	2544
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	2.72 MB
Peak Memory Usage	84 MB
opera.exe
Process ID	2516
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	20 MB
Peak Memory Usage	101 MB
opera.exe
Process ID	2664
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	17 MB
Peak Memory Usage	91 MB
opera.exe
Process ID	1768
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	25 MB
Peak Memory Usage	104 MB
opera.exe
Process ID	1296
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	3.09 MB
Peak Memory Usage	113 MB
opera.exe
Process ID	2108
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	52 MB
Peak Memory Usage	115 MB
opera.exe
Process ID	3964
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	183 MB
Peak Memory Usage	255 MB
opera.exe
Process ID	2064
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	102 MB
Peak Memory Usage	161 MB
opera.exe
Process ID	3896
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera.exe
Memory Usage	109 MB
Peak Memory Usage	150 MB
opera_crashreporter.exe
Process ID	1564
User	simon
Domain	SIMON1
Path	C:\Program Files\Opera\30.0.1835.125\opera_crashreporter.exe
Memory Usage	560 KB
Peak Memory Usage	3.59 MB
realsched.exe
Process ID	1816
User	simon
Domain	SIMON1
Path	C:\Program Files\Real\RealPlayer\update\realsched.exe
Memory Usage	512 KB
Peak Memory Usage	3.11 MB
recordingmanager.exe
Process ID	2936
User	simon
Domain	SIMON1
Path	C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Memory Usage	8.55 MB
Peak Memory Usage	8.56 MB
services.exe
Process ID	540
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\system32\services.exe
Memory Usage	1.68 MB
Peak Memory Usage	3.61 MB
smss.exe
Process ID	424
User	SYSTEM
Domain	NT AUTHORITY
Path	\SystemRoot\System32\smss.exe
Memory Usage	44 KB
Peak Memory Usage	508 KB
Speccy.exe
Process ID	1096
User	simon
Domain	SIMON1
Path	C:\Program Files\Speccy\Speccy.exe
Memory Usage	20 MB
Peak Memory Usage	20 MB
spoolsv.exe
Process ID	1396
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\system32\spoolsv.exe
Memory Usage	1.23 MB
Peak Memory Usage	4.74 MB
svchost.exe
Process ID	724
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\system32\svchost.exe
Memory Usage	1.32 MB
Peak Memory Usage	4.34 MB
svchost.exe
Process ID	780
Path	C:\WINDOWS\system32\svchost.exe
Memory Usage	1.39 MB
Peak Memory Usage	4.15 MB
svchost.exe
Process ID	848
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\System32\svchost.exe
Memory Usage	16 MB
Peak Memory Usage	29 MB
svchost.exe
Process ID	912
Path	C:\WINDOWS\system32\svchost.exe
Memory Usage	1.49 MB
Peak Memory Usage	3.62 MB
svchost.exe
Process ID	1088
Path	C:\WINDOWS\system32\svchost.exe
Memory Usage	2.82 MB
Peak Memory Usage	5.75 MB
svchost.exe
Process ID	444
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\System32\svchost.exe
Memory Usage	1.66 MB
Peak Memory Usage	4.09 MB
svchost.exe
Process ID	600
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\System32\svchost.exe
Memory Usage	1.01 MB
Peak Memory Usage	4.20 MB
svchost.exe
Process ID	2500
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\System32\svchost.exe
Memory Usage	248 KB
Peak Memory Usage	3.34 MB
svchost.exe
Process ID	1868
Path	C:\WINDOWS\System32\svchost.exe
Memory Usage	92 KB
Peak Memory Usage	3.78 MB
System
Process ID	4
Memory Usage	32 KB
Peak Memory Usage	2.06 MB
System Idle Process
Process ID	0
unsecapp.exe
Process ID	3480
User	simon
Domain	SIMON1
Path	C:\WINDOWS\system32\wbem\unsecapp.exe
Memory Usage	1.09 MB
Peak Memory Usage	4.56 MB
winlogon.exe
Process ID	496
User	SYSTEM
Domain	NT AUTHORITY
Path	\??\C:\WINDOWS\system32\winlogon.exe
Memory Usage	3.77 MB
Peak Memory Usage	76 MB
wmiprvse.exe
Process ID	1952
Path	C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage	6.02 MB
Peak Memory Usage	8.07 MB
wmiprvse.exe
Process ID	192
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage	4.90 MB
Peak Memory Usage	4.91 MB
wuauclt.exe
Process ID	844
User	SYSTEM
Domain	NT AUTHORITY
Path	C:\WINDOWS\system32\wuauclt.exe
Memory Usage	6.59 MB
Peak Memory Usage	6.59 MB
Security Options
Accounts: Administrator account status	Enabled
Accounts: Guest account status	Disabled
Accounts: Limit local account use of blank passwords to console logon only	Enabled
Accounts: Rename administrator account	Administrator
Accounts: Rename guest account	Guest
Audit: Audit the access of global system objects	Disabled
Audit: Audit the use of Backup and Restore privilege	Disabled
Audit: Shut down system immediately if unable to log security audits	Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax	Not defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax	Not defined
Devices: Allow undock without having to log on	Enabled
Devices: Allowed to format and eject removable media	Administrators
Devices: Prevent users from installing printer drivers	Disabled
Devices: Restrict CD-ROM access to locally logged-on user only	Disabled
Devices: Restrict floppy access to locally logged-on user only	Disabled
Devices: Unsigned driver installation behavior	Warn but allow installation
Domain controller: Allow server operators to schedule tasks	Not defined
Domain controller: LDAP server signing requirements	Not defined
Domain controller: Refuse machine account password changes	Not defined
Domain member: Digitally encrypt or sign secure channel data (always)	Enabled
Domain member: Digitally encrypt secure channel data (when possible)	Enabled
Domain member: Digitally sign secure channel data (when possible)	Enabled
Domain member: Disable machine account password changes	Disabled
Domain member: Maximum machine account password age	30 days
Domain member: Require strong (Windows 2000 or later) session key	Disabled
Interactive logon: Display user information when the session is locked	Not defined
Interactive logon: Do not display last user name	Disabled
Interactive logon: Do not require CTRL+ALT+DEL	Not defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available)	10 logons
Interactive logon: Prompt user to change password before expiration	14 days
Interactive logon: Require Domain Controller authentication to unlock workstation	Disabled
Interactive logon: Require smart card	Not defined
Interactive logon: Smart card removal behavior	No Action
Microsoft network client: Digitally sign communications (always)	Disabled
Microsoft network client: Digitally sign communications (if server agrees)	Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers	Disabled
Microsoft network server: Amount of idle time required before suspending session	15 minutes
Microsoft network server: Digitally sign communications (always)	Disabled
Microsoft network server: Digitally sign communications (if client agrees)	Disabled
Microsoft network server: Disconnect clients when logon hours expire	Enabled
Network access: Allow anonymous SID/Name translation	Disabled
Network access: Do not allow anonymous enumeration of SAM accounts	Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares	Disabled
Network access: Do not allow storage of credentials or .NET Passports for network authentication	Disabled
Network access: Let Everyone permissions apply to anonymous users	Disabled
Network access: Named Pipes that can be accessed anonymously	COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,browser
Network access: Remotely accessible registry paths	System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Network access: Shares that can be accessed anonymously	COMCFG,DFS$
Network access: Sharing and security model for local accounts	Guest only - local users authenticate as Guest
Network security: Do not store LAN Manager hash value on next password change	Disabled
Network security: Force logoff when logon hours expire	Disabled
Network security: LAN Manager authentication level	Send LM & NTLM responses
Network security: LDAP client signing requirements	Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients	No minimum
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers	No minimum
Recovery console: Allow automatic administrative logon	Enabled
Recovery console: Allow floppy copy and access to all drives and all folders	Enabled
Shutdown: Allow system to be shut down without having to log on	Enabled
Shutdown: Clear virtual memory pagefile	Disabled
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing	Disabled
System objects: Default owner for objects created by members of the Administrators group	Object creator
System objects: Require case insensitivity for non-Windows subsystems	Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)	Enabled
Device Tree
ACPI Multiprocessor PC
Microsoft ACPI-Compliant System
ACPI Fixed Feature Button
ACPI Power Button
Intel Pentium 4 CPU 2.80GHz
System board
PCI bus
Intel 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Motherboard resources
Motherboard resources
SoundMAX Integrated Digital Audio
Intel(R) 82865G Graphics Controller
Plug and Play Monitor
Standard Universal PCI to USB Host Controller
USB Root Hub
Standard Universal PCI to USB Host Controller
USB Root Hub
Standard Universal PCI to USB Host Controller
USB Root Hub
Intel(R) 82801EB USB2 Enhanced Host Controller - 24DD
USB Root Hub
Intel(R) 82801BA/CA PCI Bridge - 244E
Broadcom NetXtreme Gigabit Ethernet
Intel(R) 82801EB LPC Interface Controller - 24D0
Advanced programmable interrupt controller
Communications Port (COM1)
Direct memory access controller
ISAPNP Read Data Port
Numeric data processor
Generated with Speccy v1.28.709


----------



## Pearguy (May 14, 2011)

Quick update: fan has just stopped after about two hours of constant overwork. I've done nothing different, not closed a program or anything like that. Strange.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the log/update. This service is running: *Fast User Switching Compatibility*. Unless your system has multiple accounts/logons, that service needs to be stopped...

Select start > run > in the run box type *services.msc*

The services window will open. Scroll to *Fast User Switching Compatibility*, right click on that entry and select *Properties*.

In the properties window stop that service, also change the start up type to manual....

Does that make any difference? Regarding the fan, the windows repair tool should not have had an impact on anything to do with the fan.
Looking at the temps from Speccy one is certainly higher than expected:

*Motherboard
Hewlett-Packard 085Ch (XU1 PROCESSOR) 71 °C*

Mine is only showing at 35 °C...

There is a strong possibility that the heatsink on top of the CPU is clogged with dust etc.... is that a job you would do yourself? 
It would be worthwhile having a look inside the PC to check that out....

Cheers,

Kevin


----------



## Pearguy (May 14, 2011)

Ok, I've stopped Fast User Switching Compatibility. Start up was already set to manual.
I missed the 71°C log entry. I'll attempt to get inside the pc and investigate the dust situation. 
However I'm very happy to report that, since the fan suddenly and inexplicably died down last night, overall performance has greatly improved. I left the system hibernating and this morning's 'wake up' was much quicker. No noisy fan, no mouse response lag. There are still occasional CPU and Interrupts spikes, and when these occur the fan gets noisy again, but so far such episodes are fewer and much shorter. 
Fingers crossed; I'll monitor the performance and update later.

Thanks as always.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, good to hear progress of sorts may be happening. Regarding Fast User Switching Compatibility, can you go back into services and set the startup type to *Disabled*... my mistake...oops.

We will need to clean up at some point, remove tools etc.....

Thanks,

Kevin...


----------



## Pearguy (May 14, 2011)

I've cleaned out the inside of the PC. Once I'd worked out how to get the tower casing off it was easy to vacuum out. There was quite a bit of dust, it'll be interesting to see if there's now any difference to the fan and the temperature. I just ran Speccy again and that 71°C reading is now down to 35°C, although the Seagate reading is up from 27 to 39..

One minor problem was that, after cleaning out the dust and plugging all the leads back in, it was a bit of a mission to get the mouse and keyboard working. Seemed to be a connection issue and I wondered if perhaps it could be linked with the high Interrupts. Those episodes still occur along with maxed out CPU but are remaining briefer and less frequent than before. Yes, a definite all round improvement. 

Fast User Switching Compatibility startup type is now set to 'disabled'.


----------



## kevinf80 (Mar 21, 2006)

The Seagate reading is ok, nothing to worry about there. Maybe the mouse/keyboard drivers need updating, I'm really not sure if Windows will do that as XP is no longer supported..

Select start, right click on "My Computer" and select "Manage", then under system tools select "Device Manager". From the device manager list expand each of the following:

Keyboards, Mice and other pointing devices, probably also worthwhile expanding Universal Serial Bus controllers....

Do any of those expanded entries have question or exclamation marks against them? Once expanded, right click on each entry, then select "Update Driver Software". 
That will produce two options, select the one where Windows will search your "Computer" and "Online" for updated versions, it may return that the best drivers are already loaded....
See if that makes any difference?

Kevin...


----------



## Pearguy (May 14, 2011)

No question or exclamation marks. 
Two of the four 'USB Host Controllers' were updated, no better drivers could be found for the mouse or keyboard or USB hubs. I'll keep watching the interrupts spikes to see if the Host Controller updates make a difference - they're currently still happening though not as frequently.
Thanks again.


----------



## kevinf80 (Mar 21, 2006)

I'm out of ideas if the interrupts issue continues, personally I would have backed up what I needed and gone straight for format and reinstall of the OS... 

Let me know how things pan out...

Cheers,

Kevin


----------



## Pearguy (May 14, 2011)

Kevin, you've set my mind at ease re infection which was my main worry. It's an old pc and hardly top of the range so performance, from what I've read, is never likely to be *perfect* but after following your instructions it's noticeably improved and I'm grateful for all your help. 

At some point I'll try to get to grips with backing up and formatting, reinstalling etc - I've much to learn - but that's for another time. For now I once again have use of my pc and, as I say, I'm very grateful. 

You mentioned a clean-up, uninstalling the tools etc, are we ready to 'Mark Solved'?


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, yep to clean up is more or less straightforward...

Download *"Delfix by Xplode"* and save it to your desktop.

Or use the following if first link is down:

*"Delfix link mirror"*

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

- Remove disinfection tools
- Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
- Reset system settings

Now click on "*Run*" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

Unless there are any other questions you can hit the "Mark Solved" tab at the top of the thread...

Thanks,

Kevin...


----------



## Pearguy (May 14, 2011)

Clean-up done, thanks for the links. 
As for other questions, I have a list somewhere(!) but none are urgent or malware related and you have already been very generous with your time. I'll try doing my own research via the archives, library etc, if I get stuck I'll post again in a relevant forum. 

Once again my sincere thanks for all your time and help, and to everyone else at TSG for providing such a valuable and supportive resource. 

Best wishes

Simon


----------



## kevinf80 (Mar 21, 2006)

You're very welcome Simon, come back anytime....


----------

