Help! Don't know what to call it, but I have something.


  • This topic is locked
43 replies to this topic

#1 Cyclops62

Cyclops62

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wilmington, NC USA
  • Local time:03:31 PM

Posted 14 November 2014 - 10:13 PM

Attached File  dds.txt   13.42KB   1 downloads


#2 Cyclops62

Cyclops62
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wilmington, NC USA
  • Local time:03:31 PM

Posted 18 November 2014 - 11:46 AM

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.71.2
Run by OWNER at 21:49:05 on 2014-11-14
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.575 [GMT -5:00]
.
AV: AVG Internet Security 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
G:\program files\update\realsched.exe
C:\Program Files\KeyScrambler\keyscrambler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\a\1060180\internetport3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uProxyServer = hxxp=127.0.0.1:8877;https=127.0.0.1:8877;
uProxyOverride = <-loopback>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AVG-Secure-Search-Update_0214c] c:\documents and settings\owner\application data\avg 0214c campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=fa0110e073f447d380f9083759b34047-27ae90f458bc440526a1e0dc406a4c3d6d56d3cc /CMPID=0214c
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Ashampoo FireWall PRO] "c:\program files\ashampoo\ashampoo firewall pro\FireWall.exe" -TRAY
mRun: [TkBellExe] "g:\program files\update\realsched.exe"  -osboot
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [autoauto] 83645195.bat
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWQBHAEEANAAtAFAAUABCAFIAOAAtAFcAUQBWADcAQQAtADcAOABVADIAOQAtADgARQBNAEIAUgA"&"inst=NwA2AC0ANQAxADcANAAyADcANgA4ADgALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA"&"prod=52"&"ver=9.0.872
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenote 2007 screen clipper and launcher.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wireless configuration utility.lnk - c:\program files\trendnet\tew-641pc_tew-643pi\WlanCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1DDB58F2-9414-4E54-AF7F-A2F49B3F32B1} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{61C627C6-7587-4F7D-AD24-C13F18FE17F5} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\adp3awj1.default\
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en&emr=1&elo=1
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
FF - plugin: g:\program files\netscape6\nppl3260.dll
FF - plugin: g:\program files\netscape6\nprjplug.dll
FF - plugin: g:\program files\netscape6\nprpplugin.dll
FF - plugin: g:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 5
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27416]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-5-17 902432]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 200984]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-5-17 2326920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\documents and settings\all users\application data\fileopen\services\FileOpenManagerSvc32.exe [2011-3-9 212352]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2013-2-17 20480]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-5-17 159168]
R3 DrvFltIp;DrvFltIp;c:\documents and settings\owner\local settings\temp\DrvFltIp [2014-11-1 29184]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-10-15 209016]
R3 RTL819xp;TRENDnet Wireless N PC Card / PCI Adapter NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2013-2-17 519168]
S0 guoc;guoc;c:\windows\system32\drivers\ixxqkg.sys --> c:\windows\system32\drivers\ixxqkg.sys [?]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 WLSVC;WLSVC;c:\program files\trendnet\tew-641pc_tew-643pi\WLSVC.exe [2013-2-17 167936]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2011-7-10 38528]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2011-7-10 54656]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2011-7-10 11520]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2011-7-10 54528]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2011-7-10 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2011-7-10 54656]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2011-7-10 54656]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 7\DfSdkS.exe [2011-7-30 406016]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\overwolf\overwolfupdater.exe --> c:\program files\overwolf\OverwolfUpdater.exe [?]
.
=============== Created Last 30 ================
.
2014-11-10 21:39:02    93808    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2014-11-10 21:39:02    91032    ----a-w-    c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-11-10 21:39:02    273008    ----a-w-    c:\program files\mozilla firefox\updater.exe
2014-11-10 21:39:02    25401968    ----a-w-    c:\program files\mozilla firefox\xul.dll
2014-11-10 21:39:01    904064    ----a-w-    c:\program files\mozilla firefox\uninstall\helper.exe
2014-11-10 21:39:01    220784    ----a-w-    c:\program files\mozilla firefox\sandboxbroker.dll
2014-11-10 21:39:01    150128    ----a-w-    c:\program files\mozilla firefox\softokn3.dll
2014-11-10 21:39:00    129144    ----a-w-    c:\program files\mozilla firefox\plugins\nprpplugin.dll
2014-11-10 21:39:00    11776    ----a-w-    c:\program files\mozilla firefox\plugins\nprjplug.dll
2014-11-04 21:49:13    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Adobe
2014-10-22 13:30:48    --------    d-----w-    c:\documents and settings\owner\application data\AVG2015
2014-10-22 13:18:08    --------    d-----w-    c:\documents and settings\all users\application data\AVG2015
2014-10-22 03:37:15    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Avg2015
2014-10-18 12:49:05    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-10-18 12:48:42    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2014-11-12 15:19:25    71344    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 15:19:25    701104    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-01 04:13:14    114904    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-30 02:35:14    198936    ----a-w-    c:\windows\system32\drivers\avgidsdriverlx.sys
2014-10-10 20:13:58    200984    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-01 15:11:18    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-07 17:01:58    19    ----a-w-    c:\windows\system32\83645195.bat
2014-08-29 02:43:36    192792    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-04-07 11:57:04    439704    -c--a-w-    c:\program files\msgr11us.exe
2013-02-22 16:11:13    4126720    -c--a-w-    c:\program files\GUT12.tmp
.
============= FINISH: 21:50:04.89 ===============



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 PM

Posted 20 November 2014 - 09:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556191 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Cyclops62

Cyclops62
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wilmington, NC USA
  • Local time:03:31 PM

Posted 20 November 2014 - 12:05 PM

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.71.2
Run by OWNER at 11:27:51 on 2014-11-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.656 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
G:\program files\update\realsched.exe
C:\Program Files\KeyScrambler\keyscrambler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\a\1060180\internetport3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uProxyServer = hxxp=127.0.0.1:8877;https=127.0.0.1:8877;
uProxyOverride = <-loopback>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AVG-Secure-Search-Update_0214c] c:\documents and settings\owner\application data\avg 0214c campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=fa0110e073f447d380f9083759b34047-27ae90f458bc440526a1e0dc406a4c3d6d56d3cc /CMPID=0214c
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Ashampoo FireWall PRO] "c:\program files\ashampoo\ashampoo firewall pro\FireWall.exe" -TRAY
mRun: [TkBellExe] "g:\program files\update\realsched.exe"  -osboot
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [autoauto] 83645195.bat
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWQBHAEEANAAtAFAAUABCAFIAOAAtAFcAUQBWADcAQQAtADcAOABVADIAOQAtADgARQBNAEIAUgA"&"inst=NwA2AC0ANQAxADcANAAyADcANgA4ADgALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA"&"prod=52"&"ver=9.0.872
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenote 2007 screen clipper and launcher.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wireless configuration utility.lnk - c:\program files\trendnet\tew-641pc_tew-643pi\WlanCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1DDB58F2-9414-4E54-AF7F-A2F49B3F32B1} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{61C627C6-7587-4F7D-AD24-C13F18FE17F5} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\adp3awj1.default\
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en&emr=1&elo=1
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
FF - plugin: g:\program files\netscape6\nppl3260.dll
FF - plugin: g:\program files\netscape6\nprjplug.dll
FF - plugin: g:\program files\netscape6\nprpplugin.dll
FF - plugin: g:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 5
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27416]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-5-17 902432]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 200984]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-5-17 2326920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\documents and settings\all users\application data\fileopen\services\FileOpenManagerSvc32.exe [2011-3-9 212352]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2013-2-17 20480]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-5-17 159168]
R3 DrvFltIp;DrvFltIp;c:\documents and settings\owner\local settings\temp\DrvFltIp [2014-11-18 29184]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-10-15 209016]
R3 RTL819xp;TRENDnet Wireless N PC Card / PCI Adapter NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2013-2-17 519168]
S0 guoc;guoc;c:\windows\system32\drivers\ixxqkg.sys --> c:\windows\system32\drivers\ixxqkg.sys [?]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 WLSVC;WLSVC;c:\program files\trendnet\tew-641pc_tew-643pi\WLSVC.exe [2013-2-17 167936]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2011-7-10 38528]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2011-7-10 54656]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2011-7-10 11520]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2011-7-10 54528]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2011-7-10 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2011-7-10 54656]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2011-7-10 54656]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 7\DfSdkS.exe [2011-7-30 406016]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\overwolf\overwolfupdater.exe --> c:\program files\overwolf\OverwolfUpdater.exe [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-11-18 20:32:39    114904    -c--a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 15:19:25    71344    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 15:19:25    701104    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-30 02:35:14    198936    ----a-w-    c:\windows\system32\drivers\avgidsdriverlx.sys
2014-10-18 12:48:20    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-18 12:48:17    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-10-10 20:13:58    200984    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-01 15:11:18    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-07 17:01:58    19    ----a-w-    c:\windows\system32\83645195.bat
2014-08-29 02:43:36    192792    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-04-07 11:57:04    439704    -c--a-w-    c:\program files\msgr11us.exe
2013-02-22 16:11:13    4126720    -c--a-w-    c:\program files\GUT12.tmp
.
============= FINISH: 11:28:43.71 ===============



#5 Cyclops62

Cyclops62
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wilmington, NC USA
  • Local time:03:31 PM

Posted 20 November 2014 - 12:19 PM

  When starting up, a DOS box flashes quickly - C\system32\command. Opening the browser, I cannot get online. The screen says my proxy server is refusing connections. I do not use a proxy. I have a new suspicious folder on my system. It is C\a. In it are 2 MS-DOS batch files, #'s 47119478 and 87567881, 2 zip files - 47119478.zip and 1060180.zip, one that says Loading.gif and Fiddler Core.dll 2.4.5.6. I have opened the 1060180.zip file to get the Fiddler.dll file and Internetport3.exe. After I double-click the Internetport file, I am able to get online. MBAM will remove the Internetport file which leaves me unable to get online so I repeat opening the 1060180 file to get Internetport3 back.

  AVG (free) has found something called Adware Generic5.CGKS in C\SystemVolumeInformation|_restore{78A41278-3896-4F9C-ECE1BC510662}\RP919\A0655304.exe. It was quarantined. Something else called  C\a\tXVh2mzJRm.exe  also quarantined.

  My PC also seems to be using much more memory than usual. The fan will increase its' speed alot and then it will crash. 

  Any and all help will be greatly appreciated by me.


  I forgot to mention that My firewall has detected the Internetport3.exe file trying to "call home" - so to speak. I ignore it.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,547 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:31 PM

Posted 21 November 2014 - 10:12 AM

Greetings Cyclops62 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

[Screenshot: Query_RC.gif]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC_successful.gif]

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Cyclops62


Posted 21 November 2014 - 02:33 PM

Greetings from the East Coast! I ran ComboFix. At the end of it, all I had was a blue DOS box that was telling me it was finished and preparing a log for me and the desktop pic. After 3 hrs I tried clicking on the "X" to end it. It had a little yellow rectangle that was blinking that stopped for awhile then continued. More clicking, same thing. So I hard crashed the 'puter.  Deleted/downloaded a new copy and will run it when prompted by you. I do have the Windows Recovery thing installed already. I did shut off the Antivirus. Next?   

Thanks for your time....Ken



#8 Oh My!


Posted 21 November 2014 - 02:51 PM

Hi Ken,

Thanks for all the effort. Try to disable your Antivirus and run Combofix again. You may get a report this time showing the results of a previous run. If you still get hung up look for the following file:

C:\Combofix.txt
Gary
 

#9 Cyclops62


Posted 21 November 2014 - 05:04 PM

OK. I reran it (after I disabled AVG free, again) and this time it hung up after Stage 23. I am able to use the 'puter this time... what now? Reboot to close ComboFix? And run it again? Ken



#10 Oh My!


Posted 21 November 2014 - 05:13 PM

Reboot and look for the log. Whether or not the Combofix log is there continue on with the other steps.
Gary
 

#11 Cyclops62


Posted 22 November 2014 - 12:10 AM

  I deleted/downloaded another ComboFix. It hung at preparing log again. Ran the rest no problem. Ran ComboFix again and it hung at Stage 23, again. I have noticed a slight change, for the good, so far. When I open Firefox, it goes straight online, I don't have to run Internetport3.exe anymore. Also, the C\a folder is still there but in a darker (normal) print. It had been faded.

  I do not have a Windows key on this old Packard Bell keyboard so I could not do a System Summary.

Program started at: 11/21/2014 06:43:14 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 11/21/2014 06:44:29 PM
Execution time: 0 hours(s), 1 minute(s), and 14 seconds(s)

 

 

Ran by OWNER (administrator) on HP-05E77DB9975B on 21-11-2014 18:46:18
Running from C:\Documents and Settings\OWNER\Desktop
Loaded Profile: OWNER (Available profiles: OWNER)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(adi) C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
(RealNetworks, Inc.) G:\Program Files\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
() C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [357384 2009-09-12] (Acronis)
HKLM\...\Run: [DrvLsnr] => C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [69632 2003-05-08] (adi)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Ashampoo FireWall PRO] => C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe [3543552 2006-12-21] ()
HKLM\...\Run: [TkBellExe] => G:\program files\update\realsched.exe [296056 2012-05-18] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [autoauto] => C:\WINDOWS\system32\83645195.bat [19 2014-09-07] ()
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508144 2014-05-30] (QFX Software Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWQBHAEEANAAtAFAAUABCAFIAOAAtAFcAUQBWADcAQQAtADcAOABVADIAOQAtADgARQBNAEIAUgA"&"inst=NwA2AC0ANQAxADcANAAyAD (the data entry has 104 more characters).
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Documents and Settings\OWNER\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=fa0110e073f447d380f9083759b34047-27ae90f458bc440526a1e0dc406a4c3d6d56d3cc /CMPID=021 (the data entry has 2 more characters).
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe ()
Startup: C:\Documents and Settings\OWNER\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1123561945-152049171-1606980848-1003] => http=127.0.0.1:8877;https=127.0.0.1:8877;
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1123561945-152049171-1606980848-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1123561945-152049171-1606980848-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default
FF Homepage: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en&emr=1&elo=1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> G:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> g:\program files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> g:\program files\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> g:\program files\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> G:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1123561945-152049171-1606980848-1003: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> G:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1123561945-152049171-1606980848-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\OWNER\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\searchplugins\search-1.xml
FF SearchPlugin: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\searchplugins\search-2.xml
FF SearchPlugin: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\searchplugins\webster.xml
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\https-everywhere@eff.org [2014-10-16]
FF Extension: Show Me More - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\showmemore@suskind [2012-01-04]
FF Extension: PrivacyChoice TrackerWatcher - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\trackerwatcher@privacychoice.org [2011-03-16]
FF Extension: ColorfulTabs - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-31]
FF Extension: Compact Menu 2 - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2011-10-15]
FF Extension: PhishTank SiteChecker - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{8bc5b5eb-0ec4-46ed-a024-ace8a3032888} [2010-10-15]
FF Extension: DownloadHelper - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: BetterPrivacy - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-01-25]
FF Extension: Redirect Remover - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2010-10-15]
FF Extension: Disconnect - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\2.0@disconnect.me.xpi [2013-12-23]
FF Extension: Dark Revisited - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\DarkRevisited@bluewebstudios.com.xpi [2012-03-11]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-05-10]
FF Extension: Ad-blocker for Gmail - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2012-05-12]
FF Extension: NASA Night Launch - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\nasanightlaunch@example.com.xpi [2014-01-14]
FF Extension: NoSquint - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\nosquint@urandom.ca.xpi [2013-02-17]
FF Extension: Saved Password Editor - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2012-03-28]
FF Extension: TrackMeNot - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-11-19]
FF Extension: Google Translator for Firefox - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\translator@zoli.bod.xpi [2014-06-10]
FF Extension: Flagfox - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Image Zoom - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2012-06-11]
FF Extension: Unhide Passwords - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2013-03-02]
FF Extension: X-notifier - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-03-17]
FF Extension: Cookie Monster - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2014-04-03]
FF Extension: StumbleUpon - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-01-15]
FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-24]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660520 2009-09-12] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-05-17] (Acronis)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 FileOpenManagerSvc; C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe [212352 2011-03-09] (FileOpen Systems Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S2 WLSVC; C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WLSVC.exe [167936 2009-02-11] () [File not signed]
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-02-17] (Cisco Systems, Inc.) [File not signed]
S3 ATMFBUS; C:\WINDOWS\System32\DRIVERS\ATMFBUS.sys [38528 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFCVsp; C:\WINDOWS\System32\DRIVERS\ATMFCVsp.sys [54656 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFFLT; C:\WINDOWS\System32\DRIVERS\ATMFFLT.sys [11520 2009-01-05] (DEVGURU Co., LTD.)
S3 ATMFMdm; C:\WINDOWS\System32\DRIVERS\ATMFMdm.sys [54528 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFNET; C:\WINDOWS\System32\DRIVERS\ATMFNET.sys [103424 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFNVsp; C:\WINDOWS\System32\DRIVERS\ATMFNVsp.sys [54656 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFVsp; C:\WINDOWS\System32\DRIVERS\ATMFVsp.sys [54656 2009-02-02] (DEVGURU Co., LTD.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 RTL819xp; C:\WINDOWS\System32\DRIVERS\rtl819xp.sys [519168 2009-05-18] (Realtek Semiconductor Corporation                           ) [File not signed]
R0 tdrpman251; C:\WINDOWS\System32\DRIVERS\tdrpm251.sys [902432 2010-05-17] (Acronis)
R2 WLNdis50; C:\WINDOWS\System32\DRIVERS\wlndis50.sys [20480 2008-02-27] () [File not signed]
S3 ASFWHide; \??\C:\Documents and Settings\OWNER\Local Settings\TEMP\ASFWHide [X]
S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\DOCUME~1\OWNER\LOCALS~1\Temp\catchme.sys [X]
R3 DrvFltIp; \??\C:\Documents and Settings\OWNER\Local Settings\TEMP\DrvFltIp [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 guoc; System32\drivers\ixxqkg.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U3 TrueSight; \??\ [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 18:46 - 2014-11-21 18:46 - 00022112 _____ () C:\Documents and Settings\OWNER\Desktop\FRST.txt
2014-11-21 18:45 - 2014-11-21 18:46 - 00000000 ____D () C:\FRST
2014-11-21 18:43 - 2014-11-21 18:44 - 00002416 _____ () C:\Documents and Settings\OWNER\Desktop\Rkill.txt
2014-11-21 18:07 - 2014-11-21 18:46 - 00000000 ____D () C:\Documents and Settings\OWNER\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\fbwuserFC45\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\fbwuserBA38\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\fbwuser0799\Local Settings\temp
2014-11-21 17:58 - 2014-11-21 18:08 - 00000000 ____D () C:\freshcopy
2014-11-21 17:56 - 2014-11-21 17:56 - 05598306 ____R (Swearware) C:\Documents and Settings\OWNER\Desktop\freshcopy.exe
2014-11-21 12:28 - 2014-11-21 12:28 - 00000000 ____D () C:\Qoobox
2014-11-21 12:28 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-21 12:28 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-21 12:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-21 12:23 - 2014-11-21 12:23 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\OWNER\Desktop\rkill.exe
2014-11-21 12:21 - 2014-11-21 12:21 - 01108992 _____ (Farbar) C:\Documents and Settings\OWNER\Desktop\FRST.exe
2014-11-21 00:19 - 2014-11-21 00:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112114-01.dmp
2014-11-20 23:51 - 2014-11-20 23:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112014-04.dmp
2014-11-20 22:58 - 2014-11-20 22:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112014-03.dmp
2014-11-20 21:33 - 2014-11-20 21:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112014-02.dmp
2014-11-20 16:19 - 2014-11-20 16:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112014-01.dmp
2014-11-20 00:05 - 2014-11-20 10:45 - 00001491 _____ () C:\WINDOWS\setupapi.log
2014-11-19 08:47 - 2014-11-19 08:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111914-01.dmp
2014-11-18 18:05 - 2014-11-18 18:05 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111814-01.dmp
2014-11-16 17:11 - 2014-11-16 17:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111614-02.dmp
2014-11-16 17:03 - 2014-11-16 17:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111614-01.dmp
2014-11-15 11:17 - 2014-11-15 11:17 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111514-01.dmp
2014-11-14 22:39 - 2014-11-14 22:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111414-02.dmp
2014-11-14 15:40 - 2014-11-14 15:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111414-01.dmp
2014-11-13 22:55 - 2014-11-13 22:55 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111314-02.dmp
2014-11-13 20:15 - 2014-11-13 20:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111314-01.dmp
2014-11-11 00:11 - 2014-11-11 00:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111114-01.dmp
2014-11-10 22:39 - 2014-11-10 22:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111014-03.dmp
2014-11-10 17:30 - 2014-11-10 17:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111014-02.dmp
2014-11-10 16:38 - 2014-11-10 16:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 01:21 - 2014-11-10 01:21 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111014-01.dmp
2014-11-09 19:36 - 2014-11-09 19:36 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110914-01.dmp
2014-11-06 23:19 - 2014-11-06 23:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110614-02.dmp
2014-11-06 09:03 - 2014-11-06 09:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110614-01.dmp
2014-11-05 21:44 - 2014-11-05 21:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110514-01.dmp
2014-11-04 16:49 - 2014-11-04 16:55 - 00000000 ____D () C:\Documents and Settings\OWNER\Local Settings\Application Data\Adobe
2014-11-04 16:44 - 2014-11-04 16:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110414-01.dmp
2014-11-03 15:52 - 2014-11-03 15:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110314-02.dmp
2014-11-03 07:25 - 2014-11-03 07:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110314-01.dmp
2014-11-02 22:29 - 2014-11-02 22:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110214-02.dmp
2014-11-02 11:52 - 2014-11-02 11:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110214-01.dmp
2014-11-01 21:10 - 2014-11-01 21:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110114-02.dmp
2014-11-01 15:39 - 2014-11-01 15:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110114-01.dmp
2014-11-01 08:02 - 2014-11-01 08:02 - 00000050 _____ () C:\Documents and Settings\OWNER\Desktop\not a clue.txt
2014-10-31 18:29 - 2014-10-31 18:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini103114-02.dmp
2014-10-30 23:00 - 2014-10-30 23:00 - 00090112 _____ () C:\WINDOWS\Minidump\Mini103114-01.dmp
2014-10-30 10:11 - 2014-10-30 10:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini103014-01.dmp
2014-10-29 20:19 - 2014-10-29 20:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102914-04.dmp
2014-10-29 17:00 - 2014-10-29 17:00 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102914-03.dmp
2014-10-29 13:30 - 2014-10-29 13:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102914-02.dmp
2014-10-29 11:19 - 2014-10-29 11:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102914-01.dmp
2014-10-27 23:19 - 2014-10-27 23:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102814-01.dmp
2014-10-26 08:09 - 2014-10-26 08:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102614-01.dmp
2014-10-25 09:04 - 2014-10-25 09:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102514-01.dmp
2014-10-24 18:57 - 2014-10-24 18:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102414-02.dmp
2014-10-24 10:33 - 2014-10-24 10:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102414-01.dmp
2014-10-24 04:10 - 2014-11-18 17:30 - 00000125 _____ () C:\WINDOWS\wininit.ini
2014-10-23 20:46 - 2014-10-23 20:46 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-23 20:23 - 2014-10-23 20:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102314-03.dmp
2014-10-23 19:38 - 2014-10-23 19:38 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102314-02.dmp
2014-10-23 19:00 - 2014-10-23 19:00 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102314-01.dmp
2014-10-22 13:49 - 2014-10-22 13:49 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102214-02.dmp
2014-10-22 13:35 - 2014-10-22 13:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102214-01.dmp
2014-10-22 08:30 - 2014-10-22 08:30 - 00000000 ____D () C:\Documents and Settings\OWNER\Application Data\AVG2015
2014-10-22 08:18 - 2014-10-22 08:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 18:40 - 2010-05-16 21:38 - 01544549 ____C () C:\WINDOWS\WindowsUpdate.log
2014-11-21 18:39 - 2014-03-10 20:21 - 00000222 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-21 18:39 - 2011-09-17 00:41 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-152049171-1606980848-1003.job
2014-11-21 18:39 - 2010-11-16 21:23 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-11-21 18:39 - 2010-11-16 21:23 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-11-21 18:39 - 2010-05-16 21:45 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-11-21 18:39 - 2004-08-04 15:00 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-11-21 18:08 - 2004-08-04 15:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-21 17:59 - 2010-05-16 21:44 - 00032498 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-21 14:18 - 2013-03-19 13:59 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-21 12:12 - 2010-10-15 17:32 - 00000000 ____D () C:\Documents and Settings\OWNER\Desktop\Unused
2014-11-21 10:24 - 2013-12-01 17:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-21 01:08 - 2010-05-16 21:45 - 00000178 __SHC () C:\Documents and Settings\OWNER\ntuser.ini
2014-11-21 01:08 - 2010-05-16 21:45 - 00000000 ____D () C:\Documents and Settings\OWNER
2014-11-21 00:19 - 2010-12-24 09:08 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-20 10:45 - 2014-04-29 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-18 16:29 - 2010-10-15 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$
2014-11-18 15:32 - 2014-06-22 23:51 - 00114904 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 23:46 - 2011-06-23 17:14 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-152049171-1606980848-1003.job
2014-11-14 23:11 - 2010-09-25 16:55 - 00000163 _____ () C:\Documents and Settings\OWNER\default.pls
2014-11-14 22:41 - 2010-09-25 16:39 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
2014-11-12 23:28 - 2010-05-16 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 23:23 - 2014-01-15 19:29 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 23:15 - 2010-05-17 10:06 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 15:53 - 2010-09-25 16:39 - 00133120 ____C () C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 10:19 - 2012-04-04 10:25 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 10:19 - 2011-05-20 13:14 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-11 08:47 - 2013-12-08 13:42 - 00000000 ____D () C:\$AVG
2014-11-08 15:00 - 2014-03-10 20:21 - 00000216 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-02 10:50 - 2010-05-16 16:27 - 00514846 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-01 15:38 - 2013-04-10 19:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808735$
2014-11-01 08:03 - 2014-06-25 21:37 - 00000000 ____D () C:\a
2014-10-29 21:35 - 2014-06-17 15:17 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2014-10-24 02:29 - 2012-03-13 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2647518$
2014-10-23 22:45 - 2013-12-21 20:19 - 00000000 ____D () C:\AdwCleaner
2014-10-23 20:46 - 2014-06-22 23:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-23 20:46 - 2014-06-22 23:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 19:41 - 2014-10-21 22:37 - 00000000 ____D () C:\Documents and Settings\OWNER\Local Settings\Application Data\Avg2015
2014-10-22 21:23 - 2014-04-28 09:12 - 00000000 ____D () C:\Documents and Settings\OWNER\Application Data\SystemRequirementsLab
2014-10-22 08:33 - 2013-12-08 13:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-10-22 08:31 - 2013-12-08 13:41 - 00000000 ____D () C:\Program Files\AVG

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Ran by OWNER at 2014-11-21 18:47:44
Running from C:\Documents and Settings\OWNER\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1735.41615 - ABBYY Software House)
Acronis True Image Home (HKLM\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Ashampoo Burning Studio 10 v.10.0.15 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2010 Advanced 9.25 (HKLM\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 3.1.1 - ashampoo GmbH & Co. KG)
Ashampoo ClipFinder HD v.2.18 (HKLM\...\Ashampoo ClipFinder HD_is1) (Version: 2.1.8 - Ashampoo GmbH & Co. KG)
Ashampoo FireWall PRO 1.14 (HKLM\...\Ashampoo FireWall PRO_is1) (Version:  - Ashampoo)
Ashampoo Office 2008 (C:\Program Files\Ashampoo\Ashampoo Office 2008) (HKLM\...\sm-un1.u32) (Version:  - SoftMaker Software GmbH)
Ashampoo Photo Commander 7.60 (HKLM\...\Ashampoo Photo Commander 7_is1) (Version: 7.6.0 - ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 7 v.7.26 (HKLM\...\Ashampoo WinOptimizer 7_is1) (Version: 7.2.6 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Canasis Games (Aug 27 2006) (HKLM\...\Canasis Games_is1) (Version: Aug27-2006 - Metamorphosis Productions International)
Covert Front 2 (HKLM\...\Covert Front 2_is1) (Version:  - Mateusz Skutnik)
DAK Time Dodger PRO (HKLM\...\{44DA018D-8AE5-4566-96A4-89E4B4E9C4C0}) (Version: 2.10.0000 - a DAK software prioduct)
DAK Wave MP3 Editor PRO v7.1b (HKLM\...\{0C14B653-ED68-4BA3-B28B-9D84DC824531}) (Version: 7.10.0000 - DAK)
DVD Decoder Pak for Windows XP (HKLM\...\{92C5DB3D-9D6F-4324-BB11-57825F4C2635}) (Version: 1.0.0 - roddy2000@hotbox.ru)
FileOpen Client (HKLM\...\{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}) (Version: 3.0.47.900 - FileOpen Systems, Inc.)
Format Twister PRO (HKLM\...\{0F17B47D-2205-403D-A2BA-7351B41A8D5D}) (Version: 3.00.0000 - DAK)
Free Audio Editor (HKLM\...\Free Audio Editor) (Version:  - FAE Inc.)
Free Video to MP3 Converter version 5.0.37.327 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
iTunes (HKLM\...\{FAE36873-1941-4076-A9A5-48812B5EA0B7}) (Version: 10.1.0.56 - Apple Inc.)
IZArc 4.1.6 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.4.0.2 - QFX Software Corporation)
K-Lite Codec Pack 6.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.6.0 - )
Ledger (HKLM\...\{0984EA04-EB2C-4AC4-BD0B-94115A48C19E}) (Version: 1.16.0.0 - Responsive Software Limited)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 11 InfoTool (HKLM\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
plusdeck2 (HKLM\...\plusdeck23.25c) (Version: 3.25c - BTO)
Pretty Good Solitaire version 12.4.0 (HKLM\...\Pretty Good Solitaire_is1) (Version: 12.4.0 - Goodsol Development Inc.)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3620 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Submachine 3 (HKLM\...\Submachine 3_is1) (Version:  - Mateusz Skutnik)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TetrisZone (HKLM\...\{A7125C46-3974-4268-BA37-CCA93DF83D93}) (Version: 1.2.1.0075 - Blue Planet Software)
The Fog Fall 2 (HKLM\...\The Fog Fall 2_is1) (Version:  - Pastel Games)
TRENDnet TEW-641PC/TEW-643PI Wireless Cardbus/PCI Adapter (HKLM\...\{A9A1B8A2-D2EC-4A05-951D-7E337B07B5C3}) (Version: 1.00.0000 - TRENDnet)
Unity Web Player (HKU\S-1-5-21-1123561945-152049171-1606980848-1003\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Xirrus Wi-Fi Inspector (HKLM\...\{14F84065-1316-42C6-B619-1FE1880050E0}) (Version: 1.2.0000 - Xirrus)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\OWNER\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{FB99D700-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idsql32.dll ()
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{FB99D710-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idapi32.dll ()

==================== Restore Points  =========================

27-09-2014 03:38:55 System Checkpoint
28-09-2014 07:46:19 System Checkpoint
29-09-2014 08:21:06 System Checkpoint
30-09-2014 12:37:41 System Checkpoint
01-10-2014 13:58:29 System Checkpoint
02-10-2014 15:12:25 System Checkpoint
03-10-2014 16:03:15 System Checkpoint
04-10-2014 16:03:55 System Checkpoint
06-10-2014 13:14:32 System Checkpoint
07-10-2014 16:37:19 System Checkpoint
08-10-2014 17:12:39 System Checkpoint
09-10-2014 21:11:22 System Checkpoint
11-10-2014 11:10:14 System Checkpoint
13-10-2014 22:59:21 System Checkpoint
15-10-2014 11:20:55 System Checkpoint
16-10-2014 01:08:20 Software Distribution Service 3.0
16-10-2014 04:20:20 Software Distribution Service 3.0
17-10-2014 04:33:21 System Checkpoint
18-10-2014 12:47:23 Removed Java 7 Update 67
19-10-2014 20:34:54 System Checkpoint
21-10-2014 02:31:19 Restore Operation
21-10-2014 02:41:21 Restore Operation
21-10-2014 02:44:51 Restore Operation
21-10-2014 02:48:27 Restore Operation
21-10-2014 02:51:54 Restore Operation
21-10-2014 12:50:59 Restore Operation
21-10-2014 12:55:06 Restore Operation
21-10-2014 12:59:05 Restore Operation
21-10-2014 13:03:02 Restore Operation
21-10-2014 13:13:59 Restore Operation
21-10-2014 13:31:21 Restore Operation
21-10-2014 13:34:36 Restore Operation
21-10-2014 13:38:28 Restore Operation
22-10-2014 03:55:22 Installed AVG 2015
22-10-2014 13:18:47 Installed AVG 2015
23-10-2014 14:32:12 System Checkpoint
24-10-2014 09:10:48 Spybot-S&D Spyware removal
25-10-2014 13:16:52 System Checkpoint
26-10-2014 16:49:15 System Checkpoint
27-10-2014 19:44:57 System Checkpoint
28-10-2014 20:09:32 System Checkpoint
29-10-2014 23:40:47 System Checkpoint
31-10-2014 00:29:39 System Checkpoint
01-11-2014 00:35:29 System Checkpoint
02-11-2014 03:09:39 System Checkpoint
03-11-2014 22:25:29 System Checkpoint
05-11-2014 04:10:20 System Checkpoint
06-11-2014 22:20:51 System Checkpoint
08-11-2014 18:47:52 System Checkpoint
10-11-2014 20:36:38 System Checkpoint
11-11-2014 22:29:56 System Checkpoint
13-11-2014 04:14:42 Software Distribution Service 3.0
14-11-2014 09:51:17 System Checkpoint
15-11-2014 16:49:37 System Checkpoint
16-11-2014 18:15:45 System Checkpoint
17-11-2014 18:20:15 System Checkpoint
18-11-2014 22:30:07 Spybot-S&D Spyware removal
19-11-2014 23:44:10 System Checkpoint
21-11-2014 17:28:44 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 15:00 - 2014-11-21 12:37 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-152049171-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-152049171-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2010-12-05 12:39 - 2006-11-09 12:40 - 00151040 _____ () C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
2010-12-05 12:39 - 2006-12-21 02:10 - 03543552 _____ () C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
2013-02-17 14:01 - 2009-12-09 18:00 - 00368640 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
2013-02-17 14:01 - 2009-10-08 12:21 - 00233472 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanDll.dll
2013-02-17 14:01 - 2009-01-23 11:58 - 00212992 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCtl.dll
2013-02-17 14:01 - 2009-03-24 14:01 - 00233472 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanSup.dll
2013-02-17 14:01 - 2009-09-03 10:53 - 00200704 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WPSCtrl.dll
2013-02-17 14:01 - 2008-06-27 10:10 - 00118784 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWPS.dll
2013-02-17 14:01 - 2007-12-15 01:30 - 01167360 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\acAuth.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\OWNER\Application Data\desktop.ini:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\OWNER\Application Data\desktop.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1123561945-152049171-1606980848-500 - Administrator - Enabled)
Guest (S-1-5-21-1123561945-152049171-1606980848-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1123561945-152049171-1606980848-1000 - Limited - Disabled)
OWNER (S-1-5-21-1123561945-152049171-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\OWNER
SUPPORT_388945a0 (S-1-5-21-1123561945-152049171-1606980848-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 06:06:08 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 502 (HTTP Response Status)

Error: (11/21/2014 00:35:12 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 502 (HTTP Response Status)

Error: (11/19/2014 00:58:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:58:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


System errors:
=============
Error: (11/21/2014 06:39:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (11/21/2014 06:39:48 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer Lexmark 5400 Series failed to initialize because a suitable Lexmark 5400 Series driver could not be found.

Error: (11/21/2014 06:39:48 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer Fax Lexmark 5400 Series failed to initialize because a suitable Fax Lexmark 5400 Series Printer driver could not be found.

Error: (11/21/2014 05:58:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FileOpenManagerSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/21/2014 05:50:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (11/21/2014 05:50:16 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer Lexmark 5400 Series failed to initialize because a suitable Lexmark 5400 Series driver could not be found.

Error: (11/21/2014 05:50:16 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer Fax Lexmark 5400 Series failed to initialize because a suitable Fax Lexmark 5400 Series Printer driver could not be found.

Error: (11/21/2014 05:50:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NWLink SPX/SPXII Protocol service failed to start due to the following error:
%%2

Error: (11/21/2014 05:44:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FileOpenManagerSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/21/2014 05:41:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 31%
Total physical RAM: 1527.48 MB
Available physical RAM: 1053.34 MB
Total Pagefile: 2135.19 MB
Available Pagefile: 1687.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.27 GB) (Free:19.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (Iomega HDD  ) (Fixed) (Total:931.51 GB) (Free:563.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 1D829F28)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16B8235F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



#12 Oh My!

Posted 22 November 2014 - 08:20 AM

Glad we are making a little progress.

Don't worry about the System Summary for now. If we need it we will hunt it down.

Can you tell me if this program sounds familiar?

Hotspot Shield by AnchorFree

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [X]
S3 ASFWHide; \??\C:\Documents and Settings\OWNER\Local Settings\TEMP\ASFWHide [X]
S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\DOCUME~1\OWNER\LOCALS~1\Temp\catchme.sys [X]
R3 DrvFltIp; \??\C:\Documents and Settings\OWNER\Local Settings\TEMP\DrvFltIp [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 guoc; System32\drivers\ixxqkg.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U3 TrueSight; \??\ [X]
AlternateDataStreams: C:\Documents and Settings\OWNER\Application Data\desktop.ini:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\OWNER\Application Data\desktop.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the Program?
  • Fixlog
  • MiniToolBox log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Cyclops62

Posted 22 November 2014 - 04:43 PM

Greetings...I have never heard of HotspotShield.

MiniToolBox by Farbar  Version: 21-07-2014
Ran by OWNER (administrator) on 22-11-2014 at 16:25:16
Running from "C:\Documents and Settings\OWNER\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877;

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

TRENDnet Wireless N PC Card/PCI Adapter = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : hp-05e77db9975b

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : TRENDnet Wireless N PC Card/PCI Adapter

        Physical Address. . . . . . . . . : D8-EB-97-19-6B-61

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.129

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        NetBIOS over Tcpip. . . . . . . . : Disabled

        Lease Obtained. . . . . . . . . . : Saturday, November 22, 2014 2:39:30 PM

        Lease Expires . . . . . . . . . . : Sunday, November 23, 2014 2:39:30 PM

Server:  unknown
Address:  192.168.1.1

Name:    google.com
Addresses:  173.194.37.35, 173.194.37.34, 173.194.37.38, 173.194.37.39
      173.194.37.37, 173.194.37.41, 173.194.37.36, 173.194.37.33, 173.194.37.40
      173.194.37.32, 173.194.37.46



Pinging google.com [173.194.37.46] with 32 bytes of data:



Reply from 173.194.37.46: bytes=32 time=22ms TTL=54

Reply from 173.194.37.46: bytes=32 time=26ms TTL=54



Ping statistics for 173.194.37.46:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 22ms, Maximum = 26ms, Average = 24ms

Server:  unknown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=57ms TTL=48

Reply from 98.138.253.109: bytes=32 time=72ms TTL=48



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 57ms, Maximum = 72ms, Average = 64ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...d8 eb 97 19 6b 61 ...... TRENDnet Wireless N PC Card/PCI Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.129      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0    192.168.1.129   192.168.1.129      20
      192.168.1.0    255.255.255.0    192.168.1.129   192.168.1.129      20
    192.168.1.129  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.129   192.168.1.129      20
        224.0.0.0        240.0.0.0    192.168.1.129   192.168.1.129      20
  255.255.255.255  255.255.255.255    192.168.1.129   192.168.1.129      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 05 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

**** End of log ****
More to come...



#14 Oh My!

Posted 22 November 2014 - 04:58 PM

Thank you,

Before I provide a fix could you tell me if these look familiar? As far as I can tell they are related to the HotSpot I asked about. I just want to be sure before we delete them.

C:\Documents and Settings\fbwuserFC45\Local Settings\temp
C:\Documents and Settings\fbwuserBA38\Local Settings\temp
C:\Documents and Settings\fbwuser0799\Local Settings\temp
Gary

#15 Cyclops62

Posted 22 November 2014 - 04:59 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2014 01
Ran by OWNER (administrator) on HP-05E77DB9975B on 22-11-2014 16:43:56
Running from C:\Documents and Settings\OWNER\Desktop
Loaded Profile: OWNER (Available profiles: OWNER & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(adi) C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
(RealNetworks, Inc.) G:\Program Files\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [357384 2009-09-12] (Acronis)
HKLM\...\Run: [DrvLsnr] => C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [69632 2003-05-08] (adi)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Ashampoo FireWall PRO] => C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe [3543552 2006-12-21] ()
HKLM\...\Run: [TkBellExe] => G:\program files\update\realsched.exe [296056 2012-05-18] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [autoauto] => C:\WINDOWS\system32\83645195.bat [19 2014-09-07] ()
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508144 2014-05-30] (QFX Software Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWQBHAEEANAAtAFAAUABCAFIAOAAtAFcAUQBWADcAQQAtADcAOABVADIAOQAtADgARQBNAEIAUgA"&"inst=NwA2AC0ANQAxADcANAAyAD (the data entry has 104 more characters).
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Documents and Settings\OWNER\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=fa0110e073f447d380f9083759b34047-27ae90f458bc440526a1e0dc406a4c3d6d56d3cc /CMPID=021 (the data entry has 2 more characters).
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe ()
Startup: C:\Documents and Settings\OWNER\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1123561945-152049171-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1123561945-152049171-1606980848-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1123561945-152049171-1606980848-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default
FF DefaultSearchEngine: IMDB
FF SelectedSearchEngine: IMDB
FF Homepage: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en&emr=1&elo=1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> G:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> g:\program files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> g:\program files\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> g:\program files\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> G:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1123561945-152049171-1606980848-1003: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> G:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1123561945-152049171-1606980848-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\OWNER\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\searchplugins\search-1.xml
FF SearchPlugin: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\searchplugins\search-2.xml
FF SearchPlugin: C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\searchplugins\webster.xml
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\https-everywhere@eff.org [2014-10-16]
FF Extension: Show Me More - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\showmemore@suskind [2012-01-04]
FF Extension: PrivacyChoice TrackerWatcher - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\trackerwatcher@privacychoice.org [2011-03-16]
FF Extension: ColorfulTabs - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-31]
FF Extension: Compact Menu 2 - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2011-10-15]
FF Extension: PhishTank SiteChecker - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{8bc5b5eb-0ec4-46ed-a024-ace8a3032888} [2010-10-15]
FF Extension: DownloadHelper - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: BetterPrivacy - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-01-25]
FF Extension: Redirect Remover - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2010-10-15]
FF Extension: Disconnect - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\2.0@disconnect.me.xpi [2013-12-23]
FF Extension: Dark Revisited - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\DarkRevisited@bluewebstudios.com.xpi [2012-03-11]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-05-10]
FF Extension: Ad-blocker for Gmail - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2012-05-12]
FF Extension: NASA Night Launch - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\nasanightlaunch@example.com.xpi [2014-01-14]
FF Extension: NoSquint - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\nosquint@urandom.ca.xpi [2013-02-17]
FF Extension: Saved Password Editor - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2012-03-28]
FF Extension: TrackMeNot - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-11-19]
FF Extension: Google Translator for Firefox - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\translator@zoli.bod.xpi [2014-06-10]
FF Extension: Flagfox - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Image Zoom - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2012-06-11]
FF Extension: Unhide Passwords - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2013-03-02]
FF Extension: X-notifier - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-03-17]
FF Extension: Cookie Monster - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2014-04-03]
FF Extension: StumbleUpon - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-01-15]
FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\adp3awj1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-24]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660520 2009-09-12] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-05-17] (Acronis)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 FileOpenManagerSvc; C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe [212352 2011-03-09] (FileOpen Systems Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S2 WLSVC; C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WLSVC.exe [167936 2009-02-11] () [File not signed]
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-02-17] (Cisco Systems, Inc.) [File not signed]
S3 ATMFBUS; C:\WINDOWS\System32\DRIVERS\ATMFBUS.sys [38528 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFCVsp; C:\WINDOWS\System32\DRIVERS\ATMFCVsp.sys [54656 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFFLT; C:\WINDOWS\System32\DRIVERS\ATMFFLT.sys [11520 2009-01-05] (DEVGURU Co., LTD.)
S3 ATMFMdm; C:\WINDOWS\System32\DRIVERS\ATMFMdm.sys [54528 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFNET; C:\WINDOWS\System32\DRIVERS\ATMFNET.sys [103424 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFNVsp; C:\WINDOWS\System32\DRIVERS\ATMFNVsp.sys [54656 2009-02-02] (DEVGURU Co., LTD.)
S3 ATMFVsp; C:\WINDOWS\System32\DRIVERS\ATMFVsp.sys [54656 2009-02-02] (DEVGURU Co., LTD.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 RTL819xp; C:\WINDOWS\System32\DRIVERS\rtl819xp.sys [519168 2009-05-18] (Realtek Semiconductor Corporation                           ) [File not signed]
R0 tdrpman251; C:\WINDOWS\System32\DRIVERS\tdrpm251.sys [902432 2010-05-17] (Acronis)
R2 WLNdis50; C:\WINDOWS\System32\DRIVERS\wlndis50.sys [20480 2008-02-27] () [File not signed]
S3 ASFWHide; \??\C:\Documents and Settings\OWNER\Local Settings\TEMP\ASFWHide [X]
S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\DOCUME~1\OWNER\LOCALS~1\Temp\catchme.sys [X]
R3 DrvFltIp; \??\C:\Documents and Settings\OWNER\Local Settings\TEMP\DrvFltIp [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 guoc; System32\drivers\ixxqkg.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U3 TrueSight; \??\ [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 16:25 - 2014-11-22 16:25 - 00007753 _____ () C:\Documents and Settings\OWNER\Desktop\Result.txt
2014-11-22 16:24 - 2014-11-22 16:44 - 00022153 _____ () C:\Documents and Settings\OWNER\Desktop\FRST.txt
2014-11-22 16:13 - 2014-11-22 16:13 - 00000000 ____D () C:\Documents and Settings\OWNER\Desktop\FRST-OlderVersion
2014-11-22 14:45 - 2014-11-22 14:45 - 00401920 _____ (Farbar) C:\Documents and Settings\OWNER\Desktop\MiniToolBox.exe
2014-11-21 23:09 - 2014-11-21 23:10 - 00004116 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-11-21 22:23 - 2014-11-21 22:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2014-11-21 22:22 - 2014-11-21 22:22 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-11-21 22:21 - 2014-11-21 23:14 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-11-21 22:21 - 2014-11-21 22:22 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-21 22:21 - 2013-12-11 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-11-21 22:21 - 2012-03-17 23:22 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-11-21 22:21 - 2010-09-22 13:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-11-21 22:21 - 2010-05-16 21:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-11-21 22:21 - 2010-05-16 16:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-11-21 18:51 - 2014-11-21 18:58 - 00000000 ___SD () C:\freshcopy
2014-11-21 18:47 - 2014-11-21 18:48 - 00025953 _____ () C:\Documents and Settings\OWNER\Desktop\Addition1.txt
2014-11-21 18:46 - 2014-11-22 16:21 - 00035917 _____ () C:\Documents and Settings\OWNER\Desktop\FRST1.txt
2014-11-21 18:45 - 2014-11-22 16:44 - 00000000 ____D () C:\FRST
2014-11-21 18:43 - 2014-11-21 18:44 - 00002416 _____ () C:\Documents and Settings\OWNER\Desktop\Rkill.txt
2014-11-21 18:07 - 2014-11-22 16:44 - 00000000 ____D () C:\Documents and Settings\OWNER\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\fbwuserFC45\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\fbwuserBA38\Local Settings\temp
2014-11-21 18:07 - 2014-11-21 18:07 - 00000000 ____D () C:\Documents and Settings\fbwuser0799\Local Settings\temp
2014-11-21 17:56 - 2014-11-21 17:56 - 05598306 ____R (Swearware) C:\Documents and Settings\OWNER\Desktop\freshcopy.exe
2014-11-21 12:28 - 2014-11-21 12:28 - 00000000 ____D () C:\Qoobox
2014-11-21 12:28 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-21 12:28 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-21 12:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-21 12:28 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-21 12:23 - 2014-11-21 12:23 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\OWNER\Desktop\rkill.exe
2014-11-21 12:21 - 2014-11-22 16:17 - 01109504 _____ (Farbar) C:\Documents and Settings\OWNER\Desktop\FRST.exe
2014-11-21 00:19 - 2014-11-21 00:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112114-01.dmp
2014-11-20 23:51 - 2014-11-20 23:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112014-04.dmp
2014-11-20 22:58 - 2014-11-20 22:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112014-03.dmp
2014-11-20 21:33 - 2014-11-20 21:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112014-02.dmp
2014-11-20 16:19 - 2014-11-20 16:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini112014-01.dmp
2014-11-20 00:05 - 2014-11-20 10:45 - 00001491 _____ () C:\WINDOWS\setupapi.log
2014-11-19 08:47 - 2014-11-19 08:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111914-01.dmp
2014-11-18 18:05 - 2014-11-18 18:05 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111814-01.dmp
2014-11-16 17:11 - 2014-11-16 17:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111614-02.dmp
2014-11-16 17:03 - 2014-11-16 17:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111614-01.dmp
2014-11-15 11:17 - 2014-11-15 11:17 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111514-01.dmp
2014-11-14 22:39 - 2014-11-14 22:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111414-02.dmp
2014-11-14 15:40 - 2014-11-14 15:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111414-01.dmp
2014-11-13 22:55 - 2014-11-13 22:55 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111314-02.dmp
2014-11-13 20:15 - 2014-11-13 20:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111314-01.dmp
2014-11-11 00:11 - 2014-11-11 00:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111114-01.dmp
2014-11-10 22:39 - 2014-11-10 22:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111014-03.dmp
2014-11-10 17:30 - 2014-11-10 17:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111014-02.dmp
2014-11-10 16:38 - 2014-11-10 16:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 01:21 - 2014-11-10 01:21 - 00090112 _____ () C:\WINDOWS\Minidump\Mini111014-01.dmp
2014-11-09 19:36 - 2014-11-09 19:36 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110914-01.dmp
2014-11-06 23:19 - 2014-11-06 23:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110614-02.dmp
2014-11-06 09:03 - 2014-11-06 09:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110614-01.dmp
2014-11-05 21:44 - 2014-11-05 21:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110514-01.dmp
2014-11-04 16:49 - 2014-11-04 16:55 - 00000000 ____D () C:\Documents and Settings\OWNER\Local Settings\Application Data\Adobe
2014-11-04 16:44 - 2014-11-04 16:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110414-01.dmp
2014-11-03 15:52 - 2014-11-03 15:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110314-02.dmp
2014-11-03 07:25 - 2014-11-03 07:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110314-01.dmp
2014-11-02 22:29 - 2014-11-02 22:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110214-02.dmp
2014-11-02 11:52 - 2014-11-02 11:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110214-01.dmp
2014-11-01 21:10 - 2014-11-01 21:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110114-02.dmp
2014-11-01 15:39 - 2014-11-01 15:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini110114-01.dmp
2014-11-01 08:02 - 2014-11-01 08:02 - 00000050 _____ () C:\Documents and Settings\OWNER\Desktop\not a clue.txt
2014-10-31 18:29 - 2014-10-31 18:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini103114-02.dmp
2014-10-30 23:00 - 2014-10-30 23:00 - 00090112 _____ () C:\WINDOWS\Minidump\Mini103114-01.dmp
2014-10-30 10:11 - 2014-10-30 10:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini103014-01.dmp
2014-10-29 20:19 - 2014-10-29 20:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102914-04.dmp
2014-10-29 17:00 - 2014-10-29 17:00 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102914-03.dmp
2014-10-29 13:30 - 2014-10-29 13:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102914-02.dmp
2014-10-29 11:19 - 2014-10-29 11:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102914-01.dmp
2014-10-27 23:19 - 2014-10-27 23:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102814-01.dmp
2014-10-26 08:09 - 2014-10-26 08:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102614-01.dmp
2014-10-25 09:04 - 2014-10-25 09:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102514-01.dmp
2014-10-24 18:57 - 2014-10-24 18:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102414-02.dmp
2014-10-24 10:33 - 2014-10-24 10:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102414-01.dmp
2014-10-24 04:10 - 2014-11-18 17:30 - 00000125 _____ () C:\WINDOWS\wininit.ini
2014-10-23 20:46 - 2014-10-23 20:46 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-23 20:23 - 2014-10-23 20:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102314-03.dmp
2014-10-23 19:38 - 2014-10-23 19:38 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102314-02.dmp
2014-10-23 19:00 - 2014-10-23 19:00 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102314-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 16:18 - 2013-03-19 13:59 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-22 14:45 - 2013-12-01 17:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-22 14:44 - 2010-05-16 21:38 - 01581927 ____C () C:\WINDOWS\WindowsUpdate.log
2014-11-22 14:40 - 2004-08-04 15:00 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-11-22 14:39 - 2014-03-10 20:21 - 00000222 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-22 14:39 - 2011-09-17 00:41 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-152049171-1606980848-1003.job
2014-11-22 14:39 - 2010-11-16 21:23 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-11-22 14:39 - 2010-11-16 21:23 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-11-22 14:39 - 2010-05-16 21:45 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-11-22 00:47 - 2010-05-16 21:44 - 00032498 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-22 00:46 - 2010-05-16 21:45 - 00000178 __SHC () C:\Documents and Settings\OWNER\ntuser.ini
2014-11-22 00:46 - 2010-05-16 21:45 - 00000000 ____D () C:\Documents and Settings\OWNER
2014-11-21 22:59 - 2010-09-25 16:55 - 00000086 _____ () C:\Documents and Settings\OWNER\default.pls
2014-11-21 22:32 - 2010-09-25 16:39 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
2014-11-21 18:08 - 2004-08-04 15:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-21 12:12 - 2010-10-15 17:32 - 00000000 ____D () C:\Documents and Settings\OWNER\Desktop\Unused
2014-11-21 00:19 - 2010-12-24 09:08 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-20 10:45 - 2014-04-29 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-18 16:29 - 2010-10-15 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$
2014-11-18 15:32 - 2014-06-22 23:51 - 00114904 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 23:46 - 2011-06-23 17:14 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-152049171-1606980848-1003.job
2014-11-12 23:28 - 2010-05-16 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 23:23 - 2014-01-15 19:29 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 23:15 - 2010-05-17 10:06 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 15:53 - 2010-09-25 16:39 - 00133120 ____C () C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 10:19 - 2012-04-04 10:25 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 10:19 - 2011-05-20 13:14 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-11 08:47 - 2013-12-08 13:42 - 00000000 ____D () C:\$AVG
2014-11-08 15:00 - 2014-03-10 20:21 - 00000216 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-02 10:50 - 2010-05-16 16:27 - 00514846 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-01 15:38 - 2013-04-10 19:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808735$
2014-11-01 08:03 - 2014-06-25 21:37 - 00000000 ____D () C:\a
2014-10-29 21:35 - 2014-06-17 15:17 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2014-10-24 02:29 - 2012-03-13 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2647518$
2014-10-23 22:45 - 2013-12-21 20:19 - 00000000 ____D () C:\AdwCleaner
2014-10-23 20:46 - 2014-06-22 23:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-23 20:46 - 2014-06-22 23:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 19:41 - 2014-10-21 22:37 - 00000000 ____D () C:\Documents and Settings\OWNER\Local Settings\Application Data\Avg2015

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log =

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-11-2014 01
Ran by OWNER at 2014-11-22 16:45:10
Running from C:\Documents and Settings\OWNER\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1735.41615 - ABBYY Software House)
Acronis True Image Home (HKLM\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Ashampoo Burning Studio 10 v.10.0.15 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2010 Advanced 9.25 (HKLM\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 3.1.1 - ashampoo GmbH & Co. KG)
Ashampoo ClipFinder HD v.2.18 (HKLM\...\Ashampoo ClipFinder HD_is1) (Version: 2.1.8 - Ashampoo GmbH & Co. KG)
Ashampoo FireWall PRO 1.14 (HKLM\...\Ashampoo FireWall PRO_is1) (Version:  - Ashampoo)
Ashampoo Office 2008 (C:\Program Files\Ashampoo\Ashampoo Office 2008) (HKLM\...\sm-un1.u32) (Version:  - SoftMaker Software GmbH)
Ashampoo Photo Commander 7.60 (HKLM\...\Ashampoo Photo Commander 7_is1) (Version: 7.6.0 - ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 7 v.7.26 (HKLM\...\Ashampoo WinOptimizer 7_is1) (Version: 7.2.6 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Canasis Games (Aug 27 2006) (HKLM\...\Canasis Games_is1) (Version: Aug27-2006 - Metamorphosis Productions International)
Covert Front 2 (HKLM\...\Covert Front 2_is1) (Version:  - Mateusz Skutnik)
DAK Time Dodger PRO (HKLM\...\{44DA018D-8AE5-4566-96A4-89E4B4E9C4C0}) (Version: 2.10.0000 - a DAK software prioduct)
DAK Wave MP3 Editor PRO v7.1b (HKLM\...\{0C14B653-ED68-4BA3-B28B-9D84DC824531}) (Version: 7.10.0000 - DAK)
DVD Decoder Pak for Windows XP (HKLM\...\{92C5DB3D-9D6F-4324-BB11-57825F4C2635}) (Version: 1.0.0 - roddy2000@hotbox.ru)
FileOpen Client (HKLM\...\{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}) (Version: 3.0.47.900 - FileOpen Systems, Inc.)
Format Twister PRO (HKLM\...\{0F17B47D-2205-403D-A2BA-7351B41A8D5D}) (Version: 3.00.0000 - DAK)
Free Audio Editor (HKLM\...\Free Audio Editor) (Version:  - FAE Inc.)
Free Video to MP3 Converter version 5.0.37.327 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
iTunes (HKLM\...\{FAE36873-1941-4076-A9A5-48812B5EA0B7}) (Version: 10.1.0.56 - Apple Inc.)
IZArc 4.1.6 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.4.0.2 - QFX Software Corporation)
K-Lite Codec Pack 6.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.6.0 - )
Ledger (HKLM\...\{0984EA04-EB2C-4AC4-BD0B-94115A48C19E}) (Version: 1.16.0.0 - Responsive Software Limited)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 11 InfoTool (HKLM\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
plusdeck2 (HKLM\...\plusdeck23.25c) (Version: 3.25c - BTO)
Pretty Good Solitaire version 12.4.0 (HKLM\...\Pretty Good Solitaire_is1) (Version: 12.4.0 - Goodsol Development Inc.)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3620 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Submachine 3 (HKLM\...\Submachine 3_is1) (Version:  - Mateusz Skutnik)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TetrisZone (HKLM\...\{A7125C46-3974-4268-BA37-CCA93DF83D93}) (Version: 1.2.1.0075 - Blue Planet Software)
The Fog Fall 2 (HKLM\...\The Fog Fall 2_is1) (Version:  - Pastel Games)
TRENDnet TEW-641PC/TEW-643PI Wireless Cardbus/PCI Adapter (HKLM\...\{A9A1B8A2-D2EC-4A05-951D-7E337B07B5C3}) (Version: 1.00.0000 - TRENDnet)
Unity Web Player (HKU\S-1-5-21-1123561945-152049171-1606980848-1003\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Xirrus Wi-Fi Inspector (HKLM\...\{14F84065-1316-42C6-B619-1FE1880050E0}) (Version: 1.2.0000 - Xirrus)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\OWNER\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{FB99D700-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idsql32.dll ()
CustomCLSID: HKU\S-1-5-21-1123561945-152049171-1606980848-1003_Classes\CLSID\{FB99D710-18B9-11D0-A4CF-00A024C91936}\InprocServer32 -> C:\Program Files\Common Files\Borland Shared\BDE\idapi32.dll ()

==================== Restore Points  =========================

27-09-2014 03:38:55 System Checkpoint
28-09-2014 07:46:19 System Checkpoint
29-09-2014 08:21:06 System Checkpoint
30-09-2014 12:37:41 System Checkpoint
01-10-2014 13:58:29 System Checkpoint
02-10-2014 15:12:25 System Checkpoint
03-10-2014 16:03:15 System Checkpoint
04-10-2014 16:03:55 System Checkpoint
06-10-2014 13:14:32 System Checkpoint
07-10-2014 16:37:19 System Checkpoint
08-10-2014 17:12:39 System Checkpoint
09-10-2014 21:11:22 System Checkpoint
11-10-2014 11:10:14 System Checkpoint
13-10-2014 22:59:21 System Checkpoint
15-10-2014 11:20:55 System Checkpoint
16-10-2014 01:08:20 Software Distribution Service 3.0
16-10-2014 04:20:20 Software Distribution Service 3.0
17-10-2014 04:33:21 System Checkpoint
18-10-2014 12:47:23 Removed Java 7 Update 67
19-10-2014 20:34:54 System Checkpoint
21-10-2014 02:31:19 Restore Operation
21-10-2014 02:41:21 Restore Operation
21-10-2014 02:44:51 Restore Operation
21-10-2014 02:48:27 Restore Operation
21-10-2014 02:51:54 Restore Operation
21-10-2014 12:50:59 Restore Operation
21-10-2014 12:55:06 Restore Operation
21-10-2014 12:59:05 Restore Operation
21-10-2014 13:03:02 Restore Operation
21-10-2014 13:13:59 Restore Operation
21-10-2014 13:31:21 Restore Operation
21-10-2014 13:34:36 Restore Operation
21-10-2014 13:38:28 Restore Operation
22-10-2014 03:55:22 Installed AVG 2015
22-10-2014 13:18:47 Installed AVG 2015
23-10-2014 14:32:12 System Checkpoint
24-10-2014 09:10:48 Spybot-S&D Spyware removal
25-10-2014 13:16:52 System Checkpoint
26-10-2014 16:49:15 System Checkpoint
27-10-2014 19:44:57 System Checkpoint
28-10-2014 20:09:32 System Checkpoint
29-10-2014 23:40:47 System Checkpoint
31-10-2014 00:29:39 System Checkpoint
01-11-2014 00:35:29 System Checkpoint
02-11-2014 03:09:39 System Checkpoint
03-11-2014 22:25:29 System Checkpoint
05-11-2014 04:10:20 System Checkpoint
06-11-2014 22:20:51 System Checkpoint
08-11-2014 18:47:52 System Checkpoint
10-11-2014 20:36:38 System Checkpoint
11-11-2014 22:29:56 System Checkpoint
13-11-2014 04:14:42 Software Distribution Service 3.0
14-11-2014 09:51:17 System Checkpoint
15-11-2014 16:49:37 System Checkpoint
16-11-2014 18:15:45 System Checkpoint
17-11-2014 18:20:15 System Checkpoint
18-11-2014 22:30:07 Spybot-S&D Spyware removal
19-11-2014 23:44:10 System Checkpoint
21-11-2014 17:28:44 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 15:00 - 2014-11-21 12:37 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-152049171-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-152049171-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2010-12-05 12:39 - 2006-11-09 12:40 - 00151040 _____ () C:\Program Files\Ashampoo\Ashampoo FireWall PRO\MD5.dll
2011-09-21 08:52 - 2011-02-28 20:42 - 00652800 ____C () G:\Program Files\IZArc\IZArcCM.dll
2010-12-05 12:39 - 2006-12-21 02:10 - 03543552 _____ () C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
2013-02-17 14:01 - 2009-12-09 18:00 - 00368640 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
2013-02-17 14:01 - 2009-10-08 12:21 - 00233472 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanDll.dll
2013-02-17 14:01 - 2009-01-23 11:58 - 00212992 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCtl.dll
2013-02-17 14:01 - 2009-03-24 14:01 - 00233472 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanSup.dll
2013-02-17 14:01 - 2009-09-03 10:53 - 00200704 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WPSCtrl.dll
2013-02-17 14:01 - 2008-06-27 10:10 - 00118784 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWPS.dll
2013-02-17 14:01 - 2007-12-15 01:30 - 01167360 _____ () C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\acAuth.dll
2014-11-10 16:38 - 2014-11-10 16:39 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\OWNER\Desktop\FRST.exe:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\OWNER\Desktop\FRST.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\OWNER\Application Data\desktop.ini:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\OWNER\Application Data\desktop.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1123561945-152049171-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1123561945-152049171-1606980848-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1123561945-152049171-1606980848-1000 - Limited - Disabled)
OWNER (S-1-5-21-1123561945-152049171-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\OWNER
SUPPORT_388945a0 (S-1-5-21-1123561945-152049171-1606980848-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 06:06:08 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 502 (HTTP Response Status)

Error: (11/21/2014 00:35:12 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 502 (HTTP Response Status)

Error: (11/19/2014 00:58:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:58:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (11/19/2014 00:44:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


System errors:
=============
Error: (11/22/2014 02:40:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (11/22/2014 02:39:57 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer Lexmark 5400 Series failed to initialize because a suitable Lexmark 5400 Series driver could not be found.

Error: (11/22/2014 02:39:57 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer Fax Lexmark 5400 Series failed to initialize because a suitable Fax Lexmark 5400 Series Printer driver could not be found.

Error: (11/21/2014 11:16:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (11/21/2014 11:16:45 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer Lexmark 5400 Series failed to initialize because a suitable Lexmark 5400 Series driver could not be found.

Error: (11/21/2014 11:16:45 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer Fax Lexmark 5400 Series failed to initialize because a suitable Fax Lexmark 5400 Series Printer driver could not be found.

Error: (11/21/2014 11:14:21 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/21/2014 11:08:44 PM) (Source: DCOM) (EventID: 10005) (User: HP-05E77DB9975B)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/21/2014 11:07:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avgtdix
avgtp
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL

Error: (11/21/2014 11:07:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 35%
Total physical RAM: 1527.48 MB
Available physical RAM: 988.43 MB
Total Pagefile: 2135.19 MB
Available Pagefile: 1494.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.27 GB) (Free:19.35 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (Iomega HDD  ) (Fixed) (Total:931.51 GB) (Free:563.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 1D829F28)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16B8235F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ===============

 

 

Excuse me.. Hotshot Shield.. still never heard of it. 'Puter seems to be running better. Still have the C\a folder with everything in it. The Bookmarks Toolbar had been, ummm, fluttering at times. Seems to be over that.





