Started getting Access Denied errors for almost any operation, can't start my antivirus programs (AVG or Malwarebytes). Tried installing MWB in Safe Mode but that did not work either.

I accidentally launched RKill (Rkill.txt attached) before running FRST. Will that be a problem?

Addition.txt attached

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01

Ran by Philip (administrator) on PJH01 on 29-01-2015 20:02:11
Running from C:\Documents and Settings\Philip\My Documents\Downloads
Loaded Profiles: Philip (Available profiles: Philip & Dad & Mom & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG2015\avgcsrvx.exe
(Acronis) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG2015\avgidsagent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Seagate) C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
() C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
() C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
() C:\Program Files\ASUS\AASP\1.00.91\aaCenter.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Google Inc.) C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DiscWizardMonitor.exe] => C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [1169744 2007-04-19] (Seagate)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [1945688 2007-04-19] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [149024 2007-04-19] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [116040 2008-07-10] (Apple Inc.)
HKLM\...\Run: [MRT] => "C:\WINDOWS\system32\MRT.exe" /R
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2009-07-23] (Apple Computer, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-07-09] (Nero AG)
HKLM\...\Run: [iMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-03] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [unlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [bing Bar] => C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe [243544 2010-03-24] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [274608 2010-12-05] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16859648 2008-01-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Ai Nap] => C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [1431040 2009-05-25] ()
HKLM\...\Run: [QFan Help] => C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe [598528 2009-04-30] ()
HKLM\...\Run: [CPU Power Monitor] => C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [627200 2008-01-09] ()
HKLM\...\Run: [ASUS Energy Saving] => C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe [1352704 2009-01-22] ()
HKLM\...\Run: [Cpu Level Up help] => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1632360 2011-05-04] ()
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG2015\avgui.exe [0 ] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [steam] => C:\Program Files\Valve\Steam\\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [DW6] => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [Google Update] => C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-05-21] (Google Inc.)
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [setMyHomePage] => C:\Documents and Settings\Philip\Application Data\SetMyHomePage\setmyhomepage.exe
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\CurrentVersion\Windows: [Load] C:\WINDOWS\system32\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\MountPoints2: D - D:\panel.exe
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\MountPoints2: {1c04fb32-ef46-11de-8870-806d6172696f} - D:\autorun.exe
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\MountPoints2: {2a19b408-eefe-11de-a0da-806d6172696f} - D:\autorun.exe
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\MountPoints2: {3991db60-a0ae-11dc-8f75-806d6172696f} - D:\setup.exe
HKU\S-1-5-18\...\RunOnce: [WindowsUpdate] => C:\WINDOWS\system32\Microsoft.com [339456 2014-04-07] ()
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] C:\WINDOWS\system32\Microsoft.com <===== ATTENTION
AppInit_DLLs: c:\windows\system32\natapafu.dll => c:\windows\system32\natapafu.dll File Not Found
AppInit_DLLs:  C:\WINDOWS\system32\tetuluyu.dll => C:\WINDOWS\system32\tetuluyu.dll File Not Found
AppInit_DLLs:  dbuemr.dll => dbuemr.dll File Not Found
AppInit_DLLs:  c:\windows\system32\pabinula.dll => c:\windows\system32\pabinula.dll File Not Found
AppInit_DLLs:  c:\windows\system32\, C:\WINDOWS\system32\nikonome.dll => C:\WINDOWS\system32\nikonome.dll File Not Found
IFEO\AAWService.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\AAWTray.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\Ad-AwareAdmin.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\AvastSvc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgchsvx.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgemc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\loggingserver.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ToolbarUpdater.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\vprot.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
Lsa: [Authentication Packages] msv1_0 relog_ap
Lsa: [Notification Packages] scecli C:\WINDOWS\system32\suduvide.dll C:\WINDOWS\system32\gumakona.dll C:\WINDOWS\system32\tetuluyu.dll C:\WINDOWS\system32\nikonome.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Windows Update.lnk
ShortcutTarget: Microsoft Windows Update.lnk -> C:\Documents and Settings\Philip\Application Data\Microsoft\schost.exe (Oracle Corporation)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} =>  No File
BootExecute: autocheck autochk * C:\PROGRA~1\AVG2015\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://terra.im/
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://terra.im/
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://terra.im/
URLSearchHook: HKU\S-1-5-21-839522115-507921405-1343024091-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-839522115-507921405-1343024091-1004 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = http://terra.im/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-839522115-507921405-1343024091-1004 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = http://terra.im/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-839522115-507921405-1343024091-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6DC35883-7579-4889-A170-C63D0EA0670C}&mid=881b997898b6f2b25fa352d5bbcfaa1b-0664d2e18c7e20d85f148e7837320b9bb2a9f558&lang=us&ds=AVG&pr=fr&d=2011-12-2518:34:25&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-839522115-507921405-1343024091-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.609 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.609 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.609 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-839522115-507921405-1343024091-1004: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKU\S-1-5-21-839522115-507921405-1343024091-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-839522115-507921405-1343024091-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\searchplugins\defaultsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: 1Click Downloader - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi [2012-04-19]
FF Extension: FlashGot - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-05-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-17]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010-08-01]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-08-01]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-05]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-04-12]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll (Apple Computer, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U23) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\gears.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-28]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-12-05]
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation) [File not signed]
R2 AcrSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [411168 2007-04-19] (Acronis)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation) [File not signed]
S3 ALG; C:\WINDOWS\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-10] (Apple Inc.)
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG2015\avgidsagent.exe [0 ] (AVG Technologies CZ, s.r.o.) <==== ATTENTION (zero size file/folder)
S2 avgwd; C:\Program Files\AVG2015\avgwdsvc.exe [0 ] (AVG Technologies CZ, s.r.o.) <==== ATTENTION (zero size file/folder)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 cisvc; C:\WINDOWS\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [399360 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [111104 2004-08-04] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2004-08-04] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-04] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2004-08-04] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-02-02] (Sun Microsystems, Inc.)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [96768 2004-08-04] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation) [File not signed]
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-24] (NVIDIA Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [86016 2004-08-04] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\WINDOWS\system32\p2psvc.dll [526848 2004-08-04] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [526848 2004-08-04] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
S3 PNRPSvc; C:\WINDOWS\system32\p2psvc.dll [526848 2004-08-04] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [174080 2004-08-04] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [49152 2001-08-18] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [399360 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2001-08-18] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-04] (Microsoft Corporation) [File not signed]
S2 SimpTcp; C:\WINDOWS\System32\tcpsvcs.exe [19456 2001-08-18] (Microsoft Corporation) [File not signed]
S2 SNMP; C:\WINDOWS\System32\snmp.exe [33280 2006-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [8704 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2004-08-04] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation) [File not signed]
S3 stisvc; C:\WINDOWS\system32\wiaservc.dll [333312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [246272 2004-08-04] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-04] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185344 2004-08-04] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation) [File not signed]
S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [67584 2004-08-04] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\System32\mspmsnsv.dll [52224 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [359936 2004-08-04] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation) [File not signed]
S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2004-08-03] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2001-08-18] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142464 2004-08-04] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation) [File not signed]
S1 AmdK7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [37376 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2004-08-04] (Microsoft Corporation) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [192792 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-12-25] (AVG Technologies)
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-18] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2001-08-18] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [49536 2004-08-03] (Microsoft Corporation) [File not signed]
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2004-08-03] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\system32\Drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\system32\Drivers\dmload.sys [5888 2001-08-18] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [34944 2001-08-18] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2004-08-03] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [124800 2004-08-03] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2001-08-18] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-18] (Microsoft Corporation) [File not signed]
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [9600 2001-08-18] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [263552 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52736 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [41856 2004-08-03] (Microsoft Corporation) [File not signed]
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4725760 2008-01-30] (Realtek Semiconductor Corp.) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36096 2004-08-03] (Microsoft Corporation) [File not signed]
R3 ip6fw; C:\WINDOWS\System32\drivers\ip6fw.sys [29056 2004-08-03] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-18] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [35840 2001-08-18] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2004-08-03] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [171776 2004-08-04] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92544 2009-06-22] (Microsoft Corporation) [File not signed]
S3 L8042PR2; C:\WINDOWS\System32\Drivers\l8042pr2.sys [51729 2003-12-17] (Logitech, Inc.) [File not signed]
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-06-20] (Lavasoft AB)
S3 LHidFlt2; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [25505 2003-12-17] (Logitech, Inc.) [File not signed]
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.) [File not signed]
S3 LMouFlt2; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [70801 2003-12-17] (Logitech, Inc.) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2001-08-18] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2004-08-03] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [181248 2004-08-03] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [454016 2010-02-24] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2004-08-04] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] () [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [9600 2001-08-18] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [12928 2004-08-04] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [38016 2001-08-18] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2001-08-18] (Microsoft Corporation) [File not signed]
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [12753664 2011-05-24] (NVIDIA Corporation) [File not signed]
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-07-31] (NVIDIA Corporation) [File not signed]
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-07-31] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-18] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-18] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61056 2004-08-03] (Microsoft Corporation) [File not signed]
S3 ousb2hub; C:\WINDOWS\System32\DRIVERS\ousb2hub.sys [56960 2005-06-15] (OrangeWare Corporation) [File not signed]
S2 ousbehci; C:\WINDOWS\System32\Drivers\ousbehci.sys [45440 2005-06-15] (OrangeWare Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [18688 2001-08-18] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2001-08-18] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-18] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [119936 2004-08-03] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation) [File not signed]
S1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35328 2004-08-04] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2001-08-18] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2001-08-18] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2001-08-18] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [176512 2004-08-03] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2001-08-18] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation) [File not signed]
S3 RTLE8023xp; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [111360 2008-08-07] (Realtek Semiconductor Corporation                           ) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] () [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15488 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64896 2004-08-03] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [352640 2009-12-31] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [54272 2001-08-18] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32768 2007-12-03] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [392320 2007-12-03] (Acronis) [File not signed]
R3 tunmp; C:\WINDOWS\System32\DRIVERS\tunmp.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17024 2004-08-03] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20480 2004-08-03] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation) [File not signed]
R0 viaagp; C:\WINDOWS\System32\DRIVERS\viaagp.sys [42240 2004-08-03] (Microsoft Corporation) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2004-08-03] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [82944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S3 cportclm; \??\C:\DOCUME~1\Philip\LOCALS~1\Temp\cportclm.sys [X]
S3 estream; \??\C:\DOCUME~1\Philip\LOCALS~1\Temp\estream.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S3 rtl8139; System32\DRIVERS\RTL8139.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 20:02 - 2015-01-29 20:02 - 00000000 ____D () C:\FRST
2015-01-29 19:48 - 2015-01-29 19:52 - 00313832 _____ () C:\Documents and Settings\Philip\Desktop\Rkill.txt
2015-01-29 19:48 - 2015-01-29 19:48 - 00000000 ____D () C:\Documents and Settings\Philip\Desktop\rkill
2015-01-28 23:16 - 2015-01-28 23:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2015-01-28 22:57 - 2015-01-28 22:57 - 00000000 ____D () C:\Documents and Settings\Philip\Application Data\AVG2015
2015-01-28 22:55 - 2015-01-28 22:55 - 00000000 ____D () C:\Documents and Settings\Philip\Local Settings\Application Data\Avg2015
2015-01-28 22:54 - 2015-01-28 22:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2015
2015-01-28 22:53 - 2015-01-28 22:53 - 00000642 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ___HD () C:\$AVG
2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2015-01-28 22:52 - 2015-01-28 22:53 - 00000000 ____D () C:\Program Files\AVG2015
2015-01-28 22:48 - 2015-01-28 22:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2015-01-28 22:48 - 2015-01-28 22:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2015-01-28 22:11 - 2015-01-29 12:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-01-28 22:11 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2015-01-28 22:11 - 2015-01-28 22:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2015-01-28 21:55 - 2015-01-28 21:55 - 00020072 _____ () C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-28 21:51 - 2015-01-28 21:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-28 21:51 - 2015-01-28 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-28 21:51 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-28 21:51 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-28 21:11 - 2015-01-28 21:11 - 00020072 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-28 20:50 - 2015-01-29 18:45 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-01-28 20:50 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-28 20:50 - 2015-01-28 20:50 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-01-28 20:50 - 2010-06-28 19:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2015-01-28 20:50 - 2009-12-22 13:48 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-01-28 20:50 - 2009-12-22 13:48 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2015-01-28 20:50 - 2009-12-22 13:47 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-01-28 18:16 - 2015-01-28 23:32 - 00000000 ____D () C:\TEMP
2015-01-25 10:19 - 2015-01-25 10:19 - 00000000 ____D () C:\WINDOWS\system32\Adobe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 20:02 - 2007-12-01 23:39 - 00000000 ____D () C:\Documents and Settings\Philip\Local Settings\Temp
2015-01-29 19:57 - 2007-12-01 23:39 - 00000000 ____D () C:\Documents and Settings\Philip
2015-01-29 19:48 - 2011-04-22 00:47 - 00000316 ___SH () C:\WINDOWS\Tasks\okoalmjjj.job
2015-01-29 19:48 - 2011-04-22 00:47 - 00000316 ___SH () C:\WINDOWS\Tasks\Ixsrtjjfv.job
2015-01-29 19:48 - 2011-04-22 00:47 - 00000312 ___SH () C:\WINDOWS\Tasks\QPORHAZNL.job
2015-01-29 19:45 - 2007-12-01 23:59 - 01523271 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-29 19:42 - 2007-12-02 14:04 - 00000000 ____D () C:\Program Files\BitComet
2015-01-29 19:39 - 2012-04-04 02:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-29 19:31 - 2011-05-21 12:34 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-1343024091-1004UA.job
2015-01-29 18:58 - 2011-05-21 12:35 - 00002315 _____ () C:\Documents and Settings\Philip\Desktop\Google Chrome.lnk
2015-01-29 18:56 - 2007-12-01 23:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-29 18:41 - 2007-12-01 23:39 - 00000178 ___SH () C:\Documents and Settings\Philip\ntuser.ini
2015-01-29 18:41 - 2007-12-01 23:35 - 00032298 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-29 17:31 - 2011-05-21 12:34 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-1343024091-1004Core.job
2015-01-28 23:29 - 2009-02-04 00:57 - 00000000 ____D () C:\Documents and Settings\Philip\Start Menu\Programs\PINKBELLSOFTWARE
2015-01-28 23:29 - 2007-12-03 12:02 - 00000000 ____D () C:\Documents and Settings\Philip\Start Menu\Programs\Thief The Dark Theme
2015-01-28 23:25 - 2014-10-06 10:51 - 00000000 __SHD () C:\Program Files\Windows Manager
2015-01-28 23:07 - 2014-05-20 17:46 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-507921405-1343024091-1004.job
2015-01-28 23:07 - 2010-12-05 17:30 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-507921405-1343024091-1004.job
2015-01-28 23:07 - 2001-08-18 04:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-28 22:53 - 2009-12-22 13:35 - 01111583 _____ () C:\WINDOWS\setupapi.log
2015-01-28 21:48 - 2011-04-20 19:50 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2015-01-28 21:48 - 2011-04-20 19:50 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2015-01-28 21:11 - 2009-10-09 00:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-28 20:09 - 2011-05-12 22:53 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2015-01-28 17:27 - 2012-04-25 20:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-28 09:26 - 2014-10-14 18:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 10:14 - 2008-03-13 06:30 - 00000000 ____D () C:\Documents and Settings\Philip\Local Settings\Application Data\Adobe
2015-01-25 08:39 - 2012-04-04 02:13 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-25 08:39 - 2011-05-21 12:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-23 12:28 - 2008-03-20 20:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-23 01:33 - 2010-09-22 02:48 - 00000000 ___HD () C:\Documents and Settings\Philip\Application Data\vlc
2015-01-09 03:17 - 2009-12-29 21:03 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2015-01-09 03:17 - 2007-12-02 15:25 - 00045056 _____ () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-08 15:23 - 2007-12-01 15:21 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2015-01-07 20:41 - 2007-12-01 15:21 - 00000048 _____ () C:\WINDOWS\wiaservc.log
 
==================== Files in the root of some directories =======
 
2013-06-26 04:39 - 2014-01-08 06:33 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2010-03-27 04:48 - 2010-03-27 04:48 - 0000135 ____H () C:\Documents and Settings\Philip\Application Data\default.pls
2011-04-12 22:26 - 2011-04-13 02:27 - 0014688 ___SH () C:\Documents and Settings\Philip\Local Settings\Application Data\1064911305
2011-04-22 22:00 - 2011-04-22 22:50 - 0017738 ___SH () C:\Documents and Settings\Philip\Local Settings\Application Data\b2t5a3uth3e15m2xs3s8l52f31plit8
2007-12-02 15:25 - 2015-01-09 03:17 - 0045056 _____ () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some content of TEMP:
====================
C:\Documents and Settings\Philip\Local Settings\Temp\stuprt.exe
C:\Documents and Settings\Philip\Local Settings\Temp\_is4.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 00:56] - [2009-02-09 02:20] - 0399360 ____A (Microsoft Corporation) 01095febf33beea00c2a0730b9b3ec28     
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 

FRST.txt

Addition.txt

Rkill.txt


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Running Rkill first is not a problem. I am reviewing your logs now and will have a start on the clean up soon.

Can you tell me if you are having any strange audio ads playing in the background or anything similar?


Much work to be done on your system but it is do-able!!! Let's get started, ok??


Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST by double clicking on the FRST.exe file. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

Fixlist.txt


Thanks very much for taking this on dbreeze...

 


 

As this is my son's machine, I'll have to ask him tonight, but he didn't mention any audio weirdness.

 


 

We're living on different 'shifts' here (we keep strange hours) so a reply to these tasks will need to wait until I get back from work in about 14 hours; then I can get back on his machine again. Thanks again!


Running FRST, it crashed just before restart; relaunched it and restarted.

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Philip at 2015-01-30 22:32:50 Run:2
Running from C:\Documents and Settings\Philip\My Documents\Downloads
Loaded Profiles: Philip (Available profiles: Philip & Dad & Mom & UpdatusUser & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [setMyHomePage] => C:\Documents and Settings\Philip\Application Data\SetMyHomePage\setmyhomepage.exe
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\CurrentVersion\Windows: [Load] C:\WINDOWS\system32\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\MountPoints2: D - D:\panel.exe
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\MountPoints2: {1c04fb32-ef46-11de-8870-806d6172696f} - D:\autorun.exe
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\MountPoints2: {2a19b408-eefe-11de-a0da-806d6172696f} - D:\autorun.exe
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\MountPoints2: {3991db60-a0ae-11dc-8f75-806d6172696f} - D:\setup.exe
HKU\S-1-5-18\...\RunOnce: [WindowsUpdate] => C:\WINDOWS\system32\Microsoft.com [339456 2014-04-07] ()
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] C:\WINDOWS\system32\Microsoft.com <===== ATTENTION
AppInit_DLLs: c:\windows\system32\natapafu.dll => c:\windows\system32\natapafu.dll File Not Found
AppInit_DLLs:  C:\WINDOWS\system32\tetuluyu.dll => C:\WINDOWS\system32\tetuluyu.dll File Not Found
AppInit_DLLs:  dbuemr.dll => dbuemr.dll File Not Found
AppInit_DLLs:  c:\windows\system32\pabinula.dll => c:\windows\system32\pabinula.dll File Not Found
AppInit_DLLs:  c:\windows\system32\, C:\WINDOWS\system32\nikonome.dll => C:\WINDOWS\system32\nikonome.dll File Not Found
IFEO\AAWService.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\AAWTray.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\Ad-AwareAdmin.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\AvastSvc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgchsvx.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgemc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\loggingserver.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ToolbarUpdater.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\vprot.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
Lsa: [Notification Packages] scecli C:\WINDOWS\system32\suduvide.dll C:\WINDOWS\system32\gumakona.dll C:\WINDOWS\system32\tetuluyu.dll C:\WINDOWS\system32\nikonome.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Windows Update.lnk
ShortcutTarget: Microsoft Windows Update.lnk -> C:\Documents and Settings\Philip\Application Data\Microsoft\schost.exe (Oracle Corporation)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} =>  No File
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://terra.im/
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://terra.im/
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://terra.im/
URLSearchHook: HKU\S-1-5-21-839522115-507921405-1343024091-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
SearchScopes: HKU\S-1-5-21-839522115-507921405-1343024091-1004 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = http://terra.im/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-839522115-507921405-1343024091-1004 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = http://terra.im/search?q={searchTerms}
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-839522115-507921405-1343024091-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin HKU\S-1-5-21-839522115-507921405-1343024091-1004: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Extension: FlashGot - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-05-13]
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Chrome NaCl) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\gears.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click10.crx [Not Found]
S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]
S3 cportclm; \??\C:\DOCUME~1\Philip\LOCALS~1\Temp\cportclm.sys [X]
S3 estream; \??\C:\DOCUME~1\Philip\LOCALS~1\Temp\estream.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S3 rtl8139; System32\DRIVERS\RTL8139.SYS [X]
U1 WS2IFSL; No ImagePath
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll N (the data entry has 6 more characters).
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => ?
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{77BCF0F1-B9C0-4F32-9651-9DE87D586092}.exe
Task: C:\WINDOWS\Tasks\Ixsrtjjfv.job => ?
Task: C:\WINDOWS\Tasks\okoalmjjj.job => ?
Task: C:\WINDOWS\Tasks\QPORHAZNL.job => ?
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
2015-01-29 19:48 - 2011-04-22 00:47 - 00000316 ___SH () C:\WINDOWS\Tasks\okoalmjjj.job
2015-01-29 19:48 - 2011-04-22 00:47 - 00000316 ___SH () C:\WINDOWS\Tasks\Ixsrtjjfv.job
2015-01-29 19:48 - 2011-04-22 00:47 - 00000312 ___SH () C:\WINDOWS\Tasks\QPORHAZNL.job
2011-04-12 22:26 - 2011-04-13 02:27 - 0014688 ___SH () C:\Documents and Settings\Philip\Local Settings\Application Data\1064911305
2011-04-22 22:00 - 2011-04-22 22:50 - 0017738 ___SH () C:\Documents and Settings\Philip\Local Settings\Application Data\b2t5a3uth3e15m2xs3s8l52f31plit8
2007-12-02 15:25 - 2015-01-09 03:17 - 0045056 _____ () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Philip\Local Settings\Temp\stuprt.exe
C:\Documents and Settings\Philip\Local Settings\Temp\_is4.exe
C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\user.js
C:\WINDOWS\system32\suduvide.dll
C:\WINDOWS\system32\gumakona.dll
C:\WINDOWS\system32\tetuluyu.dll
C:\WINDOWS\system32\nikonome.dll
C:\Documents and Settings\Philip\Application Data\Microsoft\schost.exe
C:\WINDOWS\system32\Microsoft.com
C:\windows\system32\pabinula.dll
C:\windows\system32\natapafu.dll
C:\WINDOWS\system32\dbuemr.dll
Reboot:
end
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SetMyHomePage => Value not found.
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKU\S-1-5-21-839522115-507921405-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D => Key not found. 
HKU\S-1-5-21-839522115-507921405-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c04fb32-ef46-11de-8870-806d6172696f} => Key not found. 
HKCR\CLSID\{1c04fb32-ef46-11de-8870-806d6172696f} => Key not found. 
HKU\S-1-5-21-839522115-507921405-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a19b408-eefe-11de-a0da-806d6172696f} => Key not found. 
HKCR\CLSID\{2a19b408-eefe-11de-a0da-806d6172696f} => Key not found. 
HKU\S-1-5-21-839522115-507921405-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3991db60-a0ae-11dc-8f75-806d6172696f} => Key not found. 
HKCR\CLSID\{3991db60-a0ae-11dc-8f75-806d6172696f} => Key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WindowsUpdate => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
"c:\windows\system32\natapafu.dll" => Value Data not found.
" C:\WINDOWS\system32\tetuluyu.dll" => Value Data not found.
" dbuemr.dll" => Value Data not found.
" c:\windows\system32\pabinula.dll" => Value Data not found.
" c:\windows\system32\, C:\WINDOWS\system32\nikonome.dll" => Value Data not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AAWService.exe => Key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe => Key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-AwareAdmin.exe => Key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => Key Deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgchsvx.exe => Key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe => Key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => Key Deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\loggingserver.exe => Key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => Key Deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ToolbarUpdater.exe => Key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vprot.exe => Key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => Key Deleted successfully.
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => Value was restored successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Windows Update.lnk not found.
C:\Documents and Settings\Philip\Application Data\Microsoft\schost.exe not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files => Key not found. 
HKCR\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03} => Key not found. 
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-839522115-507921405-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-839522115-507921405-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} => Key not found. 
HKCR\CLSID\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found. 
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004\Software\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi => Moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\gcswf32.dll not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll not found.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\gears.dll not found.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh" => Key deleted successfully.
Lavasoft Ad-Aware Service => Service deleted successfully.
cportclm => Service deleted successfully.
estream => Service deleted successfully.
hpt3xx => Service deleted successfully.
IntelIde => Service deleted successfully.
rtl8139 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => Moved successfully.
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\WINDOWS\Tasks\Ixsrtjjfv.job => Moved successfully.
C:\WINDOWS\Tasks\okoalmjjj.job => Moved successfully.
C:\WINDOWS\Tasks\QPORHAZNL.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}" => Key deleted successfully.
"C:\WINDOWS\Tasks\okoalmjjj.job" => File/Directory not found.
"C:\WINDOWS\Tasks\Ixsrtjjfv.job" => File/Directory not found.
"C:\WINDOWS\Tasks\QPORHAZNL.job" => File/Directory not found.
C:\Documents and Settings\Philip\Local Settings\Application Data\1064911305 => Moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\b2t5a3uth3e15m2xs3s8l52f31plit8 => Moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\Philip\Local Settings\Temp\stuprt.exe => Moved successfully.
C:\Documents and Settings\Philip\Local Settings\Temp\_is4.exe => Moved successfully.
C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\user.js => Moved successfully.
"C:\WINDOWS\system32\suduvide.dll" => File/Directory not found.
"C:\WINDOWS\system32\gumakona.dll" => File/Directory not found.
"C:\WINDOWS\system32\tetuluyu.dll" => File/Directory not found.
"C:\WINDOWS\system32\nikonome.dll" => File/Directory not found.
"C:\Documents and Settings\Philip\Application Data\Microsoft\schost.exe" => File/Directory not found.
C:\WINDOWS\system32\Microsoft.com => Moved successfully.
"C:\windows\system32\pabinula.dll" => File/Directory not found.
"C:\windows\system32\natapafu.dll" => File/Directory not found.
"C:\WINDOWS\system32\dbuemr.dll" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:32:59 ====

Sorry about this, but I really do need to check that what was supposed to be deleted got deleted, so we need to get a fresh scan from FRST.

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this, please. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The tool will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Also, how is your system running now?


FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Philip (administrator) on PJH01 on 03-02-2015 05:40:57
Running from C:\Documents and Settings\Philip\My Documents\Downloads
Loaded Profiles: Philip (Available profiles: Philip & Dad & Mom & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG2015\avgcsrvx.exe
(Acronis) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG2015\avgidsagent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Seagate) C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
() C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
() C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
() C:\Program Files\ASUS\AASP\1.00.91\aaCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DiscWizardMonitor.exe] => C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [1169744 2007-04-19] (Seagate)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [1945688 2007-04-19] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [149024 2007-04-19] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [116040 2008-07-10] (Apple Inc.)
HKLM\...\Run: [MRT] => "C:\WINDOWS\system32\MRT.exe" /R
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2009-07-23] (Apple Computer, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-07-09] (Nero AG)
HKLM\...\Run: [iMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-03] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [unlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [bing Bar] => C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe [243544 2010-03-24] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [274608 2010-12-05] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16859648 2008-01-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Ai Nap] => C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [1431040 2009-05-25] ()
HKLM\...\Run: [QFan Help] => C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe [598528 2009-04-30] ()
HKLM\...\Run: [CPU Power Monitor] => C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [627200 2008-01-09] ()
HKLM\...\Run: [ASUS Energy Saving] => C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe [1352704 2009-01-22] ()
HKLM\...\Run: [Cpu Level Up help] => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1632360 2011-05-04] ()
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG2015\avgui.exe [0 ] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [userFaultCheck] => %systemroot%\system32\dumprep 0 -u
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [steam] => C:\Program Files\Valve\Steam\\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [DW6] => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Run: [Google Update] => C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-05-21] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [WindowsUpdate] => "C:\WINDOWS\system32\Microsoft.com"
Lsa: [Authentication Packages] msv1_0 relog_ap
BootExecute: autocheck autochk * C:\PROGRA~1\AVG2015\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKU\S-1-5-21-839522115-507921405-1343024091-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-839522115-507921405-1343024091-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6DC35883-7579-4889-A170-C63D0EA0670C}&mid=881b997898b6f2b25fa352d5bbcfaa1b-0664d2e18c7e20d85f148e7837320b9bb2a9f558&lang=us&ds=AVG&pr=fr&d=2011-12-2518:34:25&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.609 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.609 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.609 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-839522115-507921405-1343024091-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-839522115-507921405-1343024091-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\searchplugins\defaultsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: 1Click Downloader - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi [2012-04-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-17]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010-08-01]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-08-01]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-05]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-04-12]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll (Apple Computer, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U23) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\gears.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-28]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-12-05]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\\ChromeExt\\avg.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation) [File not signed]
R2 AcrSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [411168 2007-04-19] (Acronis)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-10] (Apple Inc.)
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG2015\avgidsagent.exe [0 ] (AVG Technologies CZ, s.r.o.) <==== ATTENTION (zero size file/folder)
S2 avgwd; C:\Program Files\AVG2015\avgwdsvc.exe [0 ] (AVG Technologies CZ, s.r.o.) <==== ATTENTION (zero size file/folder)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [77312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 cisvc; C:\WINDOWS\system32\cisvc.exe [5632 2004-08-04] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2004-08-04] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [399360 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [111104 2004-08-04] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2004-08-04] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2004-08-04] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-04] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2004-08-04] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150016 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2004-08-04] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-02-02] (Sun Microsystems, Inc.)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [96768 2004-08-04] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2005-05-03] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation) [File not signed]
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-24] (NVIDIA Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [86016 2004-08-04] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\WINDOWS\system32\p2psvc.dll [526848 2004-08-04] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [526848 2004-08-04] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
S3 PNRPSvc; C:\WINDOWS\system32\p2psvc.dll [526848 2004-08-04] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [174080 2004-08-04] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [140800 2004-08-04] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [49152 2001-08-18] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2004-08-04] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [399360 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2001-08-18] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-04] (Microsoft Corporation) [File not signed]
S2 SimpTcp; C:\WINDOWS\System32\tcpsvcs.exe [19456 2001-08-18] (Microsoft Corporation) [File not signed]
S2 SNMP; C:\WINDOWS\System32\snmp.exe [33280 2006-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [8704 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2004-08-04] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation) [File not signed]
S3 stisvc; C:\WINDOWS\system32\wiaservc.dll [333312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2004-08-04] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [246272 2004-08-04] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [134656 2004-08-04] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185344 2004-08-04] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2004-08-04] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2004-08-04] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2015-01-30] (AVG Secure Search)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [67584 2004-08-04] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\System32\mspmsnsv.dll [52224 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [359936 2004-08-04] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2004-08-03] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2001-08-18] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142464 2004-08-04] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138368 2008-08-14] (Microsoft Corporation) [File not signed]
S1 AmdK7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [37376 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2004-08-04] (Microsoft Corporation) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [95360 2004-08-03] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [192792 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2015-01-30] (AVG Technologies)
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-18] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2001-08-18] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [49536 2004-08-03] (Microsoft Corporation) [File not signed]
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2004-08-03] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\system32\Drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\system32\Drivers\dmload.sys [5888 2001-08-18] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143360 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [34944 2001-08-18] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2004-08-03] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [124800 2004-08-03] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2001-08-18] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-18] (Microsoft Corporation) [File not signed]
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [9600 2001-08-18] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [263552 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52736 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [41856 2004-08-03] (Microsoft Corporation) [File not signed]
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4725760 2008-01-30] (Realtek Semiconductor Corp.) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36096 2004-08-03] (Microsoft Corporation) [File not signed]
R3 ip6fw; C:\WINDOWS\System32\drivers\ip6fw.sys [29056 2004-08-03] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-18] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [35840 2001-08-18] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2004-08-03] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14848 2004-08-03] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [171776 2004-08-04] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92544 2009-06-22] (Microsoft Corporation) [File not signed]
S3 L8042PR2; C:\WINDOWS\System32\Drivers\l8042pr2.sys [51729 2003-12-17] (Logitech, Inc.) [File not signed]
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-06-20] (Lavasoft AB)
S3 LHidFlt2; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [25505 2003-12-17] (Logitech, Inc.) [File not signed]
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.) [File not signed]
S3 LMouFlt2; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [70801 2003-12-17] (Logitech, Inc.) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2001-08-18] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2004-08-03] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [181248 2004-08-03] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [454016 2010-02-24] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2004-08-04] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] () [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [107904 2004-08-03] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [9600 2001-08-18] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [12928 2004-08-04] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [38016 2001-08-18] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2001-08-18] (Microsoft Corporation) [File not signed]
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [12753664 2011-05-24] (NVIDIA Corporation) [File not signed]
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-07-31] (NVIDIA Corporation) [File not signed]
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-07-31] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-18] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-18] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61056 2004-08-03] (Microsoft Corporation) [File not signed]
S3 ousb2hub; C:\WINDOWS\System32\DRIVERS\ousb2hub.sys [56960 2005-06-15] (OrangeWare Corporation) [File not signed]
S2 ousbehci; C:\WINDOWS\System32\Drivers\ousbehci.sys [45440 2005-06-15] (OrangeWare Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [18688 2001-08-18] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2001-08-18] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2004-08-03] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-18] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [119936 2004-08-03] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation) [File not signed]
S1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35328 2004-08-04] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2001-08-18] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2001-08-18] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2001-08-18] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [176512 2004-08-03] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2001-08-18] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation) [File not signed]
S3 RTLE8023xp; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [111360 2008-08-07] (Realtek Semiconductor Corporation                           ) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] () [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15488 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64896 2004-08-03] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6400 2004-08-03] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [352640 2009-12-31] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [54272 2001-08-18] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [360320 2008-06-20] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32768 2007-12-03] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [392320 2007-12-03] (Acronis) [File not signed]
R3 tunmp; C:\WINDOWS\System32\DRIVERS\tunmp.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [26624 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [57600 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17024 2004-08-03] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20480 2004-08-03] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation) [File not signed]
R0 viaagp; C:\WINDOWS\System32\DRIVERS\viaagp.sys [42240 2004-08-03] (Microsoft Corporation) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2004-08-03] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [82944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 05:05 - 2015-02-03 05:08 - 00312834 _____ () C:\Documents and Settings\Philip\Desktop\Rkill.txt
2015-02-03 04:58 - 2015-02-03 04:58 - 00000408 _____ () C:\Documents and Settings\Philip\Desktop\Shortcut to Downloads.lnk
2015-01-30 22:36 - 2015-01-30 22:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2015-01-30 22:15 - 2015-02-03 05:03 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-01-30 22:15 - 2015-01-31 23:28 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-01-29 20:02 - 2015-02-03 05:41 - 00000000 ____D () C:\FRST
2015-01-28 23:16 - 2015-01-28 23:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2015-01-28 22:57 - 2015-01-28 22:57 - 00000000 ____D () C:\Documents and Settings\Philip\Application Data\AVG2015
2015-01-28 22:55 - 2015-01-28 22:55 - 00000000 ____D () C:\Documents and Settings\Philip\Local Settings\Application Data\Avg2015
2015-01-28 22:54 - 2015-01-28 22:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2015
2015-01-28 22:53 - 2015-01-28 22:53 - 00000642 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ___HD () C:\$AVG
2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2015-01-28 22:52 - 2015-01-28 22:53 - 00000000 ____D () C:\Program Files\AVG2015
2015-01-28 22:48 - 2015-01-28 22:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2015-01-28 22:48 - 2015-01-28 22:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2015-01-28 22:11 - 2015-01-29 12:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-01-28 22:11 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2015-01-28 22:11 - 2015-01-28 22:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2015-01-28 21:55 - 2015-01-28 21:55 - 00020072 _____ () C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-28 21:51 - 2015-01-28 21:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-28 21:51 - 2015-01-28 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-28 21:51 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-28 21:51 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-28 21:11 - 2015-01-28 21:11 - 00020072 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-28 20:50 - 2015-01-29 18:45 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-01-28 20:50 - 2015-01-28 22:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-28 20:50 - 2015-01-28 20:50 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-01-28 20:50 - 2010-06-28 19:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2015-01-28 20:50 - 2009-12-22 13:48 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-01-28 20:50 - 2009-12-22 13:48 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2015-01-28 20:50 - 2009-12-22 13:47 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-01-28 18:16 - 2015-01-28 23:32 - 00000000 ____D () C:\TEMP
2015-01-25 10:19 - 2015-01-25 10:19 - 00000000 ____D () C:\WINDOWS\system32\Adobe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 05:41 - 2007-12-01 23:39 - 00000000 ____D () C:\Documents and Settings\Philip\Local Settings\Temp
2015-02-03 05:39 - 2012-04-04 02:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-03 05:31 - 2011-05-21 12:34 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-1343024091-1004UA.job
2015-02-03 05:04 - 2007-12-01 23:59 - 01548285 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-03 05:03 - 2014-05-20 17:46 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-507921405-1343024091-1004.job
2015-02-03 05:03 - 2013-01-24 13:01 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-03 05:03 - 2007-12-01 23:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-03 05:03 - 2001-08-18 04:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-02 21:39 - 2007-12-01 23:35 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-02 17:31 - 2011-05-21 12:34 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-1343024091-1004Core.job
2015-02-01 09:06 - 2007-12-01 23:39 - 00000178 ___SH () C:\Documents and Settings\Philip\ntuser.ini
2015-01-30 23:56 - 2007-12-01 23:39 - 00000000 ____D () C:\Documents and Settings\Philip
2015-01-30 22:36 - 2011-12-25 18:34 - 00000000 ____D () C:\Program Files\AVG Secure Search
2015-01-30 22:35 - 2012-11-08 14:10 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2015-01-30 22:15 - 2014-10-06 10:51 - 00000000 __SHD () C:\Program Files\Windows Manager
2015-01-30 12:28 - 2008-03-20 20:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-30 02:38 - 2010-09-22 02:48 - 00000000 ___HD () C:\Documents and Settings\Philip\Application Data\vlc
2015-01-29 22:42 - 2010-12-05 17:30 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-507921405-1343024091-1004.job
2015-01-29 19:42 - 2007-12-02 14:04 - 00000000 ____D () C:\Program Files\BitComet
2015-01-29 18:58 - 2011-05-21 12:35 - 00002315 _____ () C:\Documents and Settings\Philip\Desktop\Google Chrome.lnk
2015-01-28 23:29 - 2009-02-04 00:57 - 00000000 ____D () C:\Documents and Settings\Philip\Start Menu\Programs\PINKBELLSOFTWARE
2015-01-28 23:29 - 2007-12-03 12:02 - 00000000 ____D () C:\Documents and Settings\Philip\Start Menu\Programs\Thief The Dark Theme
2015-01-28 22:53 - 2009-12-22 13:35 - 01111583 _____ () C:\WINDOWS\setupapi.log
2015-01-28 21:48 - 2011-04-20 19:50 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2015-01-28 21:48 - 2011-04-20 19:50 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2015-01-28 21:11 - 2009-10-09 00:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-28 20:09 - 2011-05-12 22:53 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2015-01-28 17:27 - 2012-04-25 20:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-28 09:26 - 2014-10-14 18:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 10:14 - 2008-03-13 06:30 - 00000000 ____D () C:\Documents and Settings\Philip\Local Settings\Application Data\Adobe
2015-01-25 08:39 - 2012-04-04 02:13 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-25 08:39 - 2011-05-21 12:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-09 03:17 - 2009-12-29 21:03 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2015-01-08 15:23 - 2007-12-01 15:21 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2015-01-07 20:41 - 2007-12-01 15:21 - 00000048 _____ () C:\WINDOWS\wiaservc.log
 
==================== Files in the root of some directories =======
 
2013-06-26 04:39 - 2014-01-08 06:33 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2010-03-27 04:48 - 2010-03-27 04:48 - 0000135 ____H () C:\Documents and Settings\Philip\Application Data\default.pls
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 00:56] - [2009-02-09 02:20] - 0399360 ____A (Microsoft Corporation) 01095febf33beea00c2a0730b9b3ec28     
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by Philip at 2015-02-03 05:41:40
Running from C:\Documents and Settings\Philip\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus (Disabled - Up to date) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.58 beta (HKLM\...\7-Zip) (Version:  - )
Ad-Aware (HKLM\...\{85195381-0426-4715-8D25-E21B9457FC00}) (Version: 9.0.6 - Lavasoft Limited)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AI Suite (HKLM\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.30 - )
ALZip (HKLM\...\ALZip_is1) (Version: 6.1 - ESTsoft Corp.)
Apple Mobile Device Support (HKLM\...\{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}) (Version: 2.0.0.33 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Aquaria (HKLM\...\Aquaria) (Version:  - )
AutoStreamer (HKLM\...\{4218F0E1-CBAF-4D68-B6FE-B3504770829F}) (Version: 1.0.33.1 - Antonis Kaladis)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1363.0 - Microsoft Corporation)
Bing Bar Platform (Version: 5.0.1423.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}) (Version: 1.0.104 - Apple Inc.)
Breath of Death VII  (HKLM\...\Steam App 107300) (Version:  - Zeboyd Games)
Cthulhu Saves the World  (HKLM\...\Steam App 107310) (Version:  - )
Dawn of War - Soulstorm Demo (HKLM\...\{66615AF8-6B17-4224-853D-7F78BEC06A4F}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm Demo (Version: 1.00.0000 - THQ) Hidden
Dawn of War Gold: Winter Assault (HKLM\...\Steam App 9310) (Version:  - Relic)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
EVGA Precision 1.7.1 (HKLM\...\Precision) (Version: 1.7.1 - EVGA Corporation)
Gemini Rue (HKLM\...\Steam App 80310) (Version:  - Joshua Neurnberger)
Google Chrome (HKU\S-1-5-21-839522115-507921405-1343024091-1004\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Gunpoint (HKLM\...\Steam App 206190) (Version:  - Suspicious Developments)
Half-Life® 2 (HKLM\...\{D45EC259-4A19-4656-B588-C2C360DD18EA}) (Version: 1.0.0.0 - Valve)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Java 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.240 - Oracle)
King's Quest I: Quest for the Crown (4.1c) (HKLM\...\{486CC64F-030A-4C9A-8716-87E26D28FKQ1}_is1) (Version: 4.1 - AGD Interactive, LLC)
Logitech MouseWare 9.79.1  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
MechCommander (HKLM\...\MechCommander UnInstall) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Myst Masterpiece Edition (HKLM\...\{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}) (Version:  - )
Nero 8 Essentials (HKLM\...\{DDDE21AA-A9A0-49DC-93A3-B10C73241033}) (Version: 8.3.570 - Nero AG)
Neverwinter Nights (HKLM\...\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Peggle Extreme (HKLM\...\Steam App 3483) (Version:  - PopCap)
Plants vs. Zombies: Game of the Year (HKLM\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
Psychonauts (HKLM\...\Steam App 3830) (Version:  - Double Fine Productions)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.17.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5559 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remove Thief The Dark Theme (HKLM\...\Thief The Dark Theme) (Version:  - )
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Riven (HKLM\...\{D9577427-2D9D-4580-BDB3-FFDDE06A9554}) (Version:  - )
ScummVM 0.11.1 (HKLM\...\ScummVM_is1) (Version:  - )
Seagate DiscWizard (HKLM\...\{81A60A13-224D-4637-8203-3EAC03B121A4}) (Version: 10.0.5018 - Seagate)
Source SDK Base 2006 (HKLM\...\Steam App 215) (Version:  - Valve)
Star Wars®: Knights of the Old Republic (HKLM\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Terraria (HKLM\...\Steam App 105600) (Version:  - )
The Cat Lady (HKLM\...\Steam App 253110) (Version:  - Harvester Games)
Thief 2 (HKLM\...\Thief2DeinstallKey) (Version:  - )
Thomas Was Alone (HKLM\...\Steam App 220780) (Version:  - Mike Bithell)
To the Moon (HKLM\...\Steam App 206440) (Version:  - Freebird Games)
Ultima Collection (HKLM\...\Ultima Collection) (Version:  - )
Ultima IX (HKLM\...\Ultima IX) (Version:  - )
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version:  - )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\40.0.2214.93\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839522115-507921405-1343024091-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
 
==================== Restore Points  =========================
 
05-11-2014 19:03:06 System Checkpoint
07-11-2014 02:49:34 System Checkpoint
09-11-2014 01:10:59 System Checkpoint
10-11-2014 17:04:53 System Checkpoint
01-11-2014 18:00:49 System Checkpoint
15-11-2014 03:41:34 System Checkpoint
17-11-2014 03:47:30 System Checkpoint
18-11-2014 17:01:31 System Checkpoint
20-11-2014 11:25:48 System Checkpoint
21-11-2014 16:30:10 System Checkpoint
23-11-2014 03:20:42 System Checkpoint
24-11-2014 03:54:04 System Checkpoint
26-11-2014 02:12:01 System Checkpoint
27-11-2014 12:10:05 System Checkpoint
29-11-2014 00:43:06 System Checkpoint
30-11-2014 23:17:59 System Checkpoint
02-12-2014 18:59:03 System Checkpoint
03-12-2014 20:25:09 System Checkpoint
05-12-2014 02:43:15 System Checkpoint
08-12-2014 20:35:50 System Checkpoint
10-12-2014 02:35:26 System Checkpoint
12-12-2014 04:37:57 System Checkpoint
13-12-2014 09:27:17 System Checkpoint
16-12-2014 03:42:27 System Checkpoint
17-12-2014 14:05:04 System Checkpoint
19-12-2014 02:48:45 System Checkpoint
21-12-2014 04:29:26 System Checkpoint
22-12-2014 04:42:09 System Checkpoint
27-12-2014 17:07:45 System Checkpoint
28-12-2014 18:28:13 System Checkpoint
29-12-2014 23:19:33 System Checkpoint
03-01-2015 13:37:13 System Checkpoint
05-01-2015 02:36:25 System Checkpoint
07-01-2015 12:24:59 System Checkpoint
08-01-2015 15:40:42 System Checkpoint
10-01-2015 03:09:37 System Checkpoint
12-01-2015 12:19:54 System Checkpoint
14-01-2015 11:57:07 System Checkpoint
15-01-2015 14:24:21 System Checkpoint
17-01-2015 04:23:31 System Checkpoint
19-01-2015 15:18:51 System Checkpoint
20-01-2015 15:36:49 System Checkpoint
21-01-2015 18:52:22 System Checkpoint
23-01-2015 02:35:15 System Checkpoint
25-01-2015 13:19:25 System Checkpoint
28-01-2015 11:34:59 System Checkpoint
29-01-2015 21:16:41 System Checkpoint
30-01-2015 22:26:38 Restore Point Created by FRST
30-01-2015 22:32:58 Restore Point Created by FRST
01-02-2015 16:36:35 System Checkpoint
03-02-2015 05:24:57 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-04-22 23:37 - 2014-02-06 12:26 - 00450735 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-1343024091-1004Core.job => C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-1343024091-1004UA.job => C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-507921405-1343024091-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-507921405-1343024091-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Philip.job => C:\Documents and Settings\Philip\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-04 13:32 - 2010-07-04 13:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2009-12-22 23:18 - 2011-05-04 23:02 - 00355432 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2007-04-19 20:15 - 2007-04-19 20:15 - 00050720 _____ () C:\Program Files\Common Files\Seagate\Common\gc.dll
2015-01-30 22:37 - 2015-01-30 22:35 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2015-01-30 22:37 - 2015-01-30 22:35 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2010-07-04 11:51 - 2010-07-04 11:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2011-04-09 16:20 - 2009-05-25 15:45 - 01431040 _____ () C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
2011-04-09 16:20 - 2008-02-25 14:08 - 00208896 _____ () C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
2011-04-09 16:20 - 2008-01-09 09:17 - 00627200 _____ () C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
2011-04-09 16:20 - 2009-01-22 19:43 - 01352704 _____ () C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
2011-04-09 16:19 - 2009-04-12 18:37 - 00188928 ____R () C:\Program Files\ASUS\AASP\1.00.91\aasp.dll
2011-04-09 16:20 - 2009-01-22 19:43 - 00409088 _____ () C:\Program Files\ASUS\Ai Suite\EnergySaving\AnimationView.dll
2011-04-09 16:19 - 2009-03-18 23:41 - 00623104 ____R () C:\Program Files\ASUS\AASP\1.00.91\aaCenter.exe
2011-04-09 16:19 - 2006-01-10 00:50 - 00024576 ____R () C:\WINDOWS\system32\AsIO.dll
2011-04-09 16:20 - 2005-06-22 01:39 - 00204851 ____R () C:\Program Files\ASUS\AASP\1.00.91\PowerDll.dll
2011-04-09 16:19 - 2008-01-17 00:46 - 00053248 ____R () C:\Program Files\ASUS\AASP\1.00.91\cpuutil.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-839522115-507921405-1343024091-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-839522115-507921405-1343024091-1008 - Limited - Enabled)
Dad (S-1-5-21-839522115-507921405-1343024091-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad
Guest (S-1-5-21-839522115-507921405-1343024091-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-839522115-507921405-1343024091-1000 - Limited - Disabled)
Mom (S-1-5-21-839522115-507921405-1343024091-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mom
Philip (S-1-5-21-839522115-507921405-1343024091-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-839522115-507921405-1343024091-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-839522115-507921405-1343024091-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/03/2015 05:07:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 28.1.2015.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/03/2015 05:03:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application daemonu.exe, version 1.3.5.0, faulting module daemonu.exe, version 1.3.5.0, fault address 0x00059c30.
Processing media-specific event for [daemonu.exe!ws!]
 
Error: (02/01/2015 04:19:57 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application daemonu.exe, version 1.3.5.0, faulting module daemonu.exe, version 1.3.5.0, fault address 0x00059c30.
Error in creating result PEAP-TLV in response to received PEAP-TLV (daemonu.exe!ld!)
 
Error: (02/01/2015 04:07:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application daemonu.exe, version 1.3.5.0, faulting module daemonu.exe, version 1.3.5.0, fault address 0x00059c30.
Processing media-specific event for [daemonu.exe!ws!]
 
Error: (01/31/2015 11:26:08 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application daemonu.exe, version 1.3.5.0, faulting module daemonu.exe, version 1.3.5.0, fault address 0x00059c30.
Error in creating result PEAP-TLV in response to received PEAP-TLV (daemonu.exe!ld!)
 
Error: (01/31/2015 11:15:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application daemonu.exe, version 1.3.5.0, faulting module daemonu.exe, version 1.3.5.0, fault address 0x00059c30.
Processing media-specific event for [daemonu.exe!ws!]
 
Error: (01/31/2015 01:30:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting module unknown, version 0.0.0.0, fault address 0x01e9ec08.
Processing media-specific event for [nmindexstoresvr.exe!ws!]
 
Error: (01/31/2015 01:28:16 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application daemonu.exe, version 1.3.5.0, faulting module daemonu.exe, version 1.3.5.0, fault address 0x00059c30.
Error in creating result PEAP-TLV in response to received PEAP-TLV (daemonu.exe!ld!)
 
Error: (01/31/2015 01:27:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application daemonu.exe, version 1.3.5.0, faulting module daemonu.exe, version 1.3.5.0, fault address 0x00059c30.
Processing media-specific event for [daemonu.exe!ws!]
 
Error: (01/31/2015 00:08:09 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application daemonu.exe, version 1.3.5.0, faulting module daemonu.exe, version 1.3.5.0, fault address 0x00059c30.
Error in creating result PEAP-TLV in response to received PEAP-TLV (daemonu.exe!ld!)
 
 
System errors:
=============
Error: (02/03/2015 05:06:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/03/2015 05:06:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Simple TCP/IP Services service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/03/2015 05:06:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SNMP Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/03/2015 05:06:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
Error: (02/03/2015 05:03:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OrangeWare USB Enhanced Host Controller Service service failed to start due to the following error: 
%%1058
 
Error: (02/01/2015 04:08:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2015 04:08:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
Error: (02/01/2015 04:07:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OrangeWare USB Enhanced Host Controller Service service failed to start due to the following error: 
%%1058
 
Error: (01/31/2015 11:16:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/31/2015 11:16:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (02/03/2015 05:07:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe28.1.2015.1hungapp0.0.0.000000000
 
Error: (02/03/2015 05:03:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe1.3.5.0daemonu.exe1.3.5.000059c30
 
Error: (02/01/2015 04:19:57 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: daemonu.exe1.3.5.0daemonu.exe1.3.5.000059c30
 
Error: (02/01/2015 04:07:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe1.3.5.0daemonu.exe1.3.5.000059c30
 
Error: (01/31/2015 11:26:08 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: daemonu.exe1.3.5.0daemonu.exe1.3.5.000059c30
 
Error: (01/31/2015 11:15:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe1.3.5.0daemonu.exe1.3.5.000059c30
 
Error: (01/31/2015 01:30:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmindexstoresvr.exe3.3.8.0unknown0.0.0.001e9ec08
 
Error: (01/31/2015 01:28:16 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: daemonu.exe1.3.5.0daemonu.exe1.3.5.000059c30
 
Error: (01/31/2015 01:27:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe1.3.5.0daemonu.exe1.3.5.000059c30
 
Error: (01/31/2015 00:08:09 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: daemonu.exe1.3.5.0daemonu.exe1.3.5.000059c30
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 29%
Total physical RAM: 2046.48 MB
Available physical RAM: 1434.63 MB
Total Pagefile: 3938.11 MB
Available Pagefile: 3566.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.52 GB) (Free:19.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (KOTOR_1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive e: (New Volume) (Fixed) (Total:290.31 GB) (Free:9.37 GB) NTFS
Drive g: (WD Passport) (Fixed) (Total:232.83 GB) (Free:13.44 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 22B422B3)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 0005B0FB)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=05)
Partition 2: (Not Active) - (Size=290.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=0C)
 
==================== End Of Log ============================

See if you can start Malwarebytes and run a scan with it.
 
Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

malware logfile.txt

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/4/2015
Scan Time: 5:46:38 PM
Logfile: malware logfile.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.04.14
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: Philip
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 1641191
Time Elapsed: 11 hr, 24 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
Trojan.Ransom, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINMGR.EXE, Quarantined, [ab670b0f8901df575e11e8b0fc05ac54], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe, Quarantined, [7d95c8520b7f65d105989bae3dc73ec2], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnsx.exe, Quarantined, [977ba3779eecfa3cebba46036d978b75], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe, Quarantined, [43cfb565068459dda1070742788c0ef2], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe, Quarantined, [43cf2cee98f2a6905b57c287ab592fd1], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe, Quarantined, [47cbd149fb8f34027a3e054448bcc13f], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-839522115-507921405-1343024091-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [f31f1604aedccc6af90d2bb8b64edb25], 
 
Registry Values: 3
Backdoor.Agent.WUGen, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WindowsUpdate, "C:\WINDOWS\system32\Microsoft.com", Quarantined, [f61c52c8e4a6330352fbbf3b2dd739c7]
Backdoor.Agent, HKU\S-1-5-21-839522115-507921405-1343024091-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|load, C:\WINDOWS\system32\Microsoft.com, Quarantined, [81919e7cc7c332048a455366bd469868]
Backdoor.Agent.WUGen, HKU\S-1-5-21-839522115-507921405-1343024091-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WindowsUpdate, "C:\WINDOWS\system32\Microsoft.com", Quarantined, [fe1442d8aae0270f1538d2280cf8d22e]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 15
PUP.Optional.OneClickDownloader.A, C:\Documents and Settings\Philip\Local Settings\Temp\TfpiACu9.exe.part, Quarantined, [eb275cbe4644a5913ea663d4f011a957], 
PUP.Optional.DomaIQ, C:\Documents and Settings\Philip\Local Settings\Temp\oqsCI_5w.exe.part, Quarantined, [c34feb2f2d5d5fd7e433bca0e41ce21e], 
PUP.Optional.Downloader, C:\Documents and Settings\Philip\Local Settings\Temp\KPlBPWaG.exe.part, Quarantined, [f022d842f39766d01c1523bd25dc649c], 
Trojan.Ransom, C:\Documents and Settings\Philip\Local Settings\Temp\3825, Quarantined, [9c76ac6e800ab77fc6a9831518e949b7], 
PUP.Optional.FriedCookie, C:\Documents and Settings\Philip\Local Settings\Temp\mUr6FNPX.exe.part, Quarantined, [957d55c52a60fa3caaa9782649bc13ed], 
PUP.Optional.Elite, C:\Documents and Settings\Philip\Local Settings\Temp\pttROQ7D.exe.part, Quarantined, [b85a978384063df9cd62afaa6a968b75], 
Trojan.Rupest, C:\FRST\Quarantine\C\Documents and Settings\Philip\Application Data\Microsoft\schost.exe.xBAD, Quarantined, [f61cea302169ef478674cd2043be45bb], 
Trojan.Rupest, C:\FRST\Quarantine\C\Documents and Settings\Philip\Local Settings\Temp\stuprt.exe.xBAD, Quarantined, [5ab8b06ae9a1fd392bcf54990ff2d030], 
Trojan.Ransom, C:\FRST\Quarantine\C\WINDOWS\system32\Microsoft.com.xBAD, Quarantined, [8c8630ea4347e84e521d8e0a768b0af6], 
Trojan.Ransom, C:\Program Files\Windows Manager\winmgr.exe, Quarantined, [ab670b0f8901df575e11e8b0fc05ac54], 
Trojan.Ransom, C:\System Volume Information\_restore{998BAFE5-16AB-4302-9B9F-CFB7F8440BF3}\RP873\A0249896.exe, Quarantined, [cb4779a17b0fdd5956191a7ebd4440c0], 
Trojan.Ransom, C:\System Volume Information\_restore{998BAFE5-16AB-4302-9B9F-CFB7F8440BF3}\RP873\A0252161.exe, Quarantined, [5cb6f525e0aa71c580efa4f4af5227d9], 
Trojan.Ransom, C:\System Volume Information\_restore{998BAFE5-16AB-4302-9B9F-CFB7F8440BF3}\RP874\A0252234.exe, Quarantined, [d141f723e4a67fb72c43f3a5b24fea16], 
Trojan.Rupest, C:\System Volume Information\_restore{998BAFE5-16AB-4302-9B9F-CFB7F8440BF3}\RP875\A0252241.exe, Quarantined, [a270cb4f4c3e1e1894668667ab56f709], 
Trojan.Ransom, C:\System Volume Information\_restore{998BAFE5-16AB-4302-9B9F-CFB7F8440BF3}\RP876\A0252243.com, Quarantined, [7c969a80f99187af7cf36b2d38c9d729], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

FIRST

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[s0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


SECOND


This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please. Thanks.




# AdwCleaner v4.110 - Logfile created 05/02/2015 at 21:29:42

# Updated 05/02/2015 by Xplode

# Database : 2015-02-05.2 [Local]

# Operating system : Microsoft Windows XP Service Pack 2 (x86)

# Username : Philip - PJH01

# Running from : C:\Documents and Settings\Philip\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

Service Deleted : vToolbarUpdater18.1.9

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[#] Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Dad\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Mom\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Mom\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Philip\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Philip\Local Settings\Application Data\AVG Security Toolbar

[!] Folder Deleted : C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi

File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v6.0.2900.2180

 

 

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

 

 

-\\ Google Chrome v

 

[C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [6890 bytes] - [05/02/2015 21:26:26]

AdwCleaner[s0].txt - [6967 bytes] - [05/02/2015 21:29:42]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7026  bytes] ##########

 



ESET log file

 

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Philip\Application Data\DA8C2DD034684A5B33100A4C9F829E0B\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Philip\Application Data\DA8C2DD034684A5B33100A4C9F829E0B\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\prefs.js JS/SecurityDisabler.A.Gen potentially unwanted application
C:\Documents and Settings\Philip\Application Data\Sun\Java\Deployment\cache\6.0\62\29f71afe-741b248b multiple threats
C:\Documents and Settings\Philip\Local Settings\Temp\Vvy9cJeZ.exe.part NSIS/TrojanDownloader.Adload.AA trojan
C:\Documents and Settings\Philip\My Documents\My Fence\AVPg files\JG98.zip a variant of Win32/GameHack.EW potentially unsafe application
C:\System Volume Information\_restore{998BAFE5-16AB-4302-9B9F-CFB7F8440BF3}\RP873\A0252171.exe Win32/PowerReg potentially unsafe application
C:\TEMP\PowerReg Scheduler.exe Win32/PowerReg potentially unsafe application
G:\C Backup\My Documents\My Fence\AVPg files\JG98.zip a variant of Win32/GameHack.EW potentially unsafe application
G:\C Backup\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch.zip Win32/HackTool.Patcher.BN potentially unsafe application
G:\C Backup\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch\Metroid2Color.ips.exe Win32/HackTool.Patcher.BN potentially unsafe application
G:\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch.zip Win32/HackTool.Patcher.BN potentially unsafe application
G:\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch\Metroid2Color.ips.exe Win32/HackTool.Patcher.BN potentially unsafe application

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST by double clicking on the FRST.exe file. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

Fixlist.txt


FRST ran successfully, unfortunately I forgot to delete the Addition.txt so did not get a new version of that file (if there was one).

Also, my bad, I deleted the Metroid2ColorPatch files manually, before I realized that these would be part of the automated fix.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2015
Ran by Philip at 2015-02-07 11:15:13 Run:3
Running from C:\Documents and Settings\Philip\My Documents\Downloads
Loaded Profiles: Philip (Available profiles: Philip & Dad & Mom & UpdatusUser & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip
C:\Documents and Settings\Philip\Application Data\DA8C2DD034684A5B33100A4C9F829E0B\enemies-names.txt
C:\Documents and Settings\Philip\Application Data\DA8C2DD034684A5B33100A4C9F829E0B\local.ini
C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\prefs.js
C:\Documents and Settings\Philip\Application Data\Sun\Java\Deployment\cache\6.0\62\29f71afe-741b248b
C:\Documents and Settings\Philip\Local Settings\Temp\Vvy9cJeZ.exe.part
C:\Documents and Settings\Philip\My Documents\My Fence\AVPg files\JG98.zip
C:\System Volume Information\_restore{998BAFE5-16AB-4302-9B9F-CFB7F8440BF3}\RP873\A0252171.exe
C:\TEMP\PowerReg Scheduler.exe
G:\C Backup\My Documents\My Fence\AVPg files\JG98.zip
G:\C Backup\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch.zip
G:\C Backup\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch\Metroid2Color.ips.exe
G:\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch.zip
G:\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch\Metroid2Color.ips.exe
EmptyTemp:
Reboot:
end
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip => Moved successfully.
C:\Documents and Settings\Philip\Application Data\DA8C2DD034684A5B33100A4C9F829E0B\enemies-names.txt => Moved successfully.
C:\Documents and Settings\Philip\Application Data\DA8C2DD034684A5B33100A4C9F829E0B\local.ini => Moved successfully.
C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\i7gk6t8f.default\prefs.js => Moved successfully.
C:\Documents and Settings\Philip\Application Data\Sun\Java\Deployment\cache\6.0\62\29f71afe-741b248b => Moved successfully.
C:\Documents and Settings\Philip\Local Settings\Temp\Vvy9cJeZ.exe.part => Moved successfully.
C:\Documents and Settings\Philip\My Documents\My Fence\AVPg files\JG98.zip => Moved successfully.
C:\System Volume Information\_restore{998BAFE5-16AB-4302-9B9F-CFB7F8440BF3}\RP873\A0252171.exe => Moved successfully.
C:\TEMP\PowerReg Scheduler.exe => Moved successfully.
G:\C Backup\My Documents\My Fence\AVPg files\JG98.zip => Moved successfully.
G:\C Backup\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch.zip => Moved successfully.
G:\C Backup\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch\Metroid2Color.ips.exe => Moved successfully.
"G:\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch.zip" => File/Directory not found.
"G:\EM\VisualBoyAdvance-1.8.0-beta3\Metroid2ColorPatch\Metroid2Color.ips.exe" => File/Directory not found.
EmptyTemp: => Removed 2.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:22:54 ====

You did fine on the files; doesn't matter on this point who deletes the files .... :D
 

All right!! :D Your logs are clean and you're good to go now!! :lol: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantage.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that I recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.10 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).


You are now done! :D :D :D :D

Now some information on programs to help keep you safe:

Along with Malwarebytes Antimalware, use the following as a base level security:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!


DelFix.txt

 

# DelFix v10.8 - Logfile created 08/02/2015 at 11:38:50
# Updated 29/07/2014 by Xplode
# Username : Philip - PJH01
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\rkill.log
Deleted : C:\Documents and Settings\Philip\My Documents\Downloads\AdwCleaner.exe
Deleted : C:\Documents and Settings\Philip\My Documents\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Documents and Settings\Philip\My Documents\Downloads\Fixlog.txt
Deleted : C:\Documents and Settings\Philip\My Documents\Downloads\FRST.exe
Deleted : C:\Documents and Settings\Philip\My Documents\Downloads\FRST.txt
Deleted : C:\Documents and Settings\Philip\My Documents\Downloads\rkill.com
Deleted : C:\Documents and Settings\Philip\My Documents\Downloads\Rkill.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #831 [system Checkpoint | 11/11/2014 01:04:53]
Deleted : RP #832 [system Checkpoint | 11/02/2014 02:00:49]
Deleted : RP #833 [system Checkpoint | 11/15/2014 11:41:34]
Deleted : RP #834 [system Checkpoint | 11/17/2014 11:47:30]
Deleted : RP #835 [system Checkpoint | 11/19/2014 01:01:31]
Deleted : RP #836 [system Checkpoint | 11/20/2014 19:25:48]
Deleted : RP #837 [system Checkpoint | 11/22/2014 00:30:10]
Deleted : RP #838 [system Checkpoint | 11/23/2014 11:20:42]
Deleted : RP #839 [system Checkpoint | 11/24/2014 11:54:04]
Deleted : RP #840 [system Checkpoint | 11/26/2014 10:12:01]
Deleted : RP #841 [system Checkpoint | 11/27/2014 20:10:05]
Deleted : RP #842 [system Checkpoint | 11/29/2014 08:43:06]
Deleted : RP #843 [system Checkpoint | 12/01/2014 07:17:59]
Deleted : RP #844 [system Checkpoint | 12/03/2014 02:59:03]
Deleted : RP #845 [system Checkpoint | 12/04/2014 04:25:09]
Deleted : RP #846 [system Checkpoint | 12/05/2014 10:43:15]
Deleted : RP #847 [system Checkpoint | 12/09/2014 04:35:50]
Deleted : RP #848 [system Checkpoint | 12/10/2014 10:35:26]
Deleted : RP #849 [system Checkpoint | 12/12/2014 12:37:57]
Deleted : RP #850 [system Checkpoint | 12/13/2014 17:27:17]
Deleted : RP #851 [system Checkpoint | 12/16/2014 11:42:27]
Deleted : RP #852 [system Checkpoint | 12/17/2014 22:05:04]
Deleted : RP #853 [system Checkpoint | 12/19/2014 10:48:45]
Deleted : RP #854 [system Checkpoint | 12/21/2014 12:29:26]
Deleted : RP #855 [system Checkpoint | 12/22/2014 12:42:09]
Deleted : RP #856 [system Checkpoint | 12/28/2014 01:07:45]
Deleted : RP #857 [system Checkpoint | 12/29/2014 02:28:13]
Deleted : RP #858 [system Checkpoint | 12/30/2014 07:19:33]
Deleted : RP #859 [system Checkpoint | 01/03/2015 21:37:13]
Deleted : RP #860 [system Checkpoint | 01/05/2015 10:36:25]
Deleted : RP #861 [system Checkpoint | 01/07/2015 20:24:59]
Deleted : RP #862 [system Checkpoint | 01/08/2015 23:40:42]
Deleted : RP #863 [system Checkpoint | 01/10/2015 11:09:37]
Deleted : RP #864 [system Checkpoint | 01/12/2015 20:19:54]
Deleted : RP #865 [system Checkpoint | 01/14/2015 19:57:07]
Deleted : RP #866 [system Checkpoint | 01/15/2015 22:24:21]
Deleted : RP #867 [system Checkpoint | 01/17/2015 12:23:31]
Deleted : RP #868 [system Checkpoint | 01/19/2015 23:18:51]
Deleted : RP #869 [system Checkpoint | 01/20/2015 23:36:49]
Deleted : RP #870 [system Checkpoint | 01/22/2015 02:52:22]
Deleted : RP #871 [system Checkpoint | 01/23/2015 10:35:15]
Deleted : RP #872 [system Checkpoint | 01/25/2015 21:19:25]
Deleted : RP #873 [system Checkpoint | 01/28/2015 19:34:59]
Deleted : RP #874 [system Checkpoint | 01/30/2015 05:16:41]
Deleted : RP #875 [Restore Point Created by FRST | 01/31/2015 06:26:38]
Deleted : RP #876 [Restore Point Created by FRST | 01/31/2015 06:32:58]
Deleted : RP #877 [system Checkpoint | 02/02/2015 00:36:35]
Deleted : RP #878 [system Checkpoint | 02/03/2015 13:24:57]
Deleted : RP #879 [system Checkpoint | 02/05/2015 20:00:11]
Deleted : RP #880 [system Checkpoint | 02/07/2015 06:36:23]
Deleted : RP #881 [Restore Point Created by FRST | 02/07/2015 19:15:22]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.