Cidox-A removal assistance needed...please.


  • This topic is locked
24 replies to this topic

#1 mlester47

  • Members

Posted 19 November 2014 - 02:36 PM

Toshiba Sat55 w/ XP SP3  Intel 1.73Ghz "my clunker"

 

I really need this to go away... willing to 'donate' to "party fund". :thumbup2:

 

Any assistance is already appreciated.

 

Kind Regards,

Lester

 

PS: I kinda know the drill from reading other threads, but would like to follow the instructor's specific instructions.

 

Edit for attachments as follows:

 

[attachment=158307:attach.zip]

[attachment=158308:dds.txt]


Edited by mlester47, 20 November 2014 - 02:35 PM.



#2 HelpBot

  • Bots

Posted 24 November 2014 - 02:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556830 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mlester47

  • Topic Starter
  • Members

Posted 25 November 2014 - 02:01 PM

Response to instructions:

 

 
 


#4 nasdaq

  • Malware Response Team

Posted 26 November 2014 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
 
===
 
Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
How is the computer running?
Wait for further instructions.


#5 mlester47

  • Topic Starter
  • Members

Posted 26 November 2014 - 11:17 PM

Thank you for your assistance.

 

I am out of town with my daughter in Georgia and will be unable to respond with the information you have requested until the 30th - Sunday.

 

Please don't throw me away.

 

Happy Thanksgiving.

 

Lester



#6 mlester47

  • Topic Starter
  • Members

Posted 30 November 2014 - 12:29 AM

Hello nasdaq,

 

I downloaded AdwCleaner - scan - attached report file.

 

I do not know what to uncheck before running CLEAN. I recognized Registry Mechanic as a keeper, but will need your input on other "false positives" (?) to uncheck before running CLEAN - then I can continue with the last instructions on scanning again with AdwCleaner after CLEAN and submitting that report.

 

I have FRST.exe downloaded, but have not run that yet...needed to see your response to above action first.

 

Thanks for helping me and waiting until Holiday was over.

 

Lester

 

[attachment=158702:AdwCleanerR0.txt]


Edited by mlester47, 30 November 2014 - 12:34 AM.


#7 nasdaq

  • Malware Response Team

Posted 30 November 2014 - 09:46 AM

Yes you can keep the Registry Mechanic.

Clean all the other items.

#8 mlester47

  • Topic Starter
  • Members

Posted 30 November 2014 - 05:29 PM

[attachment=158729:AdwCleanerS0.txt]      After 1st Clean

 

[attachment=158730:AdwCleanerS1.txt]      After 2nd Clean

 

 

I am unable to 'paste'  FRST.txt    I am able to 'attach' it - not what instruction reads.

 

[attachment=158731:Addition.txt]  as instructed

 

Please advise.



#9 nasdaq

  • Malware Response Team

Posted 01 December 2014 - 08:24 AM

I am unable to 'paste' FRST.txt I am able to 'attach' it - not what instruction reads.

Try to paste the FRST.txt log in your next post.

Attach it if you need to.

#10 mlester47

  • Topic Starter
  • Members

Posted 01 December 2014 - 08:49 AM

I can right-click and 'copy' the FRST.txt file on my desktop, but a right-click on this reply section fails to give a 'paste' option... so...
 
 
"Attach it if you need to."
 
 
[attachment=158757:FRST.txt]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by HPLA (administrator) on TOSHIBA-SAT55 on 30-11-2014 16:01:42
Running from C:\Documents and Settings\HPLA\Desktop
Loaded Profile: HPLA (Available profiles: HPLA & ADMINISTRATOR-2 & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(COMPAL ELECTRONIC INC.) C:\Program Files\Toshiba\TouchPad\TPTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Tvs\TvsTray.exe
(TOSHIBA) C:\WINDOWS\system32\TCtrlIOHook.exe
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(TOSHIBA Corporation) C:\TOSHIBA\IVP\ISM\pinger.exe
(Nektra S.A.) C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [385024 2004-10-15] (Intel Corporation)
HKLM\...\Run: [TFncKy] => TFncKy.exe
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88358 2005-04-12] (Agere Systems)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [28672 2005-04-20] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [65536 2005-02-25] (TOSHIBA)
HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [270336 2004-12-28] (TOSHIBA Corporation)
HKLM\...\Run: [TPNF] => C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [53248 2004-11-29] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [Tvs] => C:\Program Files\Toshiba\Tvs\TvsTray.exe [73728 2005-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [TCtryIOHook] => C:\WINDOWS\system32\TCtrlIOHook.exe [28672 2004-05-01] (TOSHIBA)
HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [290816 2005-03-28] (Atheros Communications, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EOUApp] => C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [356352 2004-10-15] (Intel Corporation)
HKLM\...\Run: [InCD] => C:\Program Files\Ahead\InCD\InCD.exe [1450096 2004-08-26] (Ahead Software AG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PINGER] => C:\TOSHIBA\IVP\ISM\pinger.exe [151552 2005-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [Nektra OEAPI] => C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe [86016 2008-07-21] (Nektra S.A.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-25] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\IntelWireless: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3516338271-79847034-268398124-1008\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\S-1-5-21-3516338271-79847034-268398124-1008\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
HKU\S-1-5-21-3516338271-79847034-268398124-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
HKU\S-1-5-21-3516338271-79847034-268398124-1008\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-3516338271-79847034-268398124-1008 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: MCIEPlugIn Class -> {C09C9904-FD44-11D6-A711-00105AC8F168} -> No File
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3516338271-79847034-268398124-1008 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3516338271-79847034-268398124-1008 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3516338271-79847034-268398124-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: MCOEShellHook Class - {B9E618A2-A4FE-11D4-83C2-005004636C96} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HPLA\Application Data\Mozilla\Firefox\Profiles\q3uhp685.default-1414332840406
FF Homepage: about:privatebrowsing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-02]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-05-14]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2013-05-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-26]
FF HKLM\...\Thunderbird\Extensions: [astoolbar@pctools.com] - C:\Program Files\Spyware Doctor\SpamMonitor\PCTools Email Toolbars\Thunderbird
FF Extension: PC Tools Anti-Spam Toolbar - C:\Program Files\Spyware Doctor\SpamMonitor\PCTools Email Toolbars\Thunderbird [2014-04-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-25] (AVAST Software)
S3 BITS; C:\WINDOWS\System32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
R2 BthServ; C:\WINDOWS\System32\bthserv.dll [30208 2008-04-13] (Microsoft Corporation) [File not signed]
S4 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [86016 2004-10-15] (Intel Corporation) [File not signed]
S4 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S4 gupdate1c9ad97b995accd; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
S2 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
S4 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [1192050 2004-08-27] (Ahead Software AG) [File not signed]
S4 InCDsrvR; C:\Program Files\Ahead\InCD\InCDsrv.exe [1192050 2004-08-27] (Ahead Software AG) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-14] (Oracle Corporation)
S3 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
S4 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
R2 OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [98304 2004-10-15] (Intel Corporation) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-10-15] (Intel Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-10-15] (Intel Corporation ) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S4 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
S4 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1066278 2005-04-12] (Agere Systems) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2005-04-19] (Realtek Semiconductor Corp.)
S3 ApfiltrService; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [101874 2004-11-15] (Alps Electric Co., Ltd.) [File not signed]
S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-25] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-11-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-25] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-04-26] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2014-11-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-25] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-25] ()
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S3 BthEnum; C:\WINDOWS\System32\DRIVERS\BthEnum.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\DRIVERS\bthmodem.sys [37888 2008-04-13] (Microsoft Corporation) [File not signed]
S3 BthPan; C:\WINDOWS\System32\DRIVERS\bthpan.sys [101120 2008-04-13] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\WINDOWS\System32\Drivers\BTHport.sys [272128 2008-06-13] (Microsoft Corporation) [File not signed]
S3 BTHUSB; C:\WINDOWS\System32\Drivers\BTHUSB.sys [18944 2008-04-13] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation) [File not signed]
S3 CBTNDIS5; C:\WINDOWS\system32\CBTNDIS5.SYS [17142 2003-07-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 CdaC15BA; C:\WINDOWS\system32\drivers\CDAC15BA.SYS [8864 2009-06-10] () [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Compbatt; C:\WINDOWS\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation) [File not signed]
S4 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Fdc; C:\WINDOWS\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R4 InCDfs; C:\WINDOWS\system32\Drivers\InCDfs.sys [92928 2004-08-27] (Ahead Software AG) [File not signed]
R1 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [28672 2004-08-27] (Ahead Software AG) [File not signed]
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [7680 2004-08-27] (Ahead Software AG) [File not signed]
R1 incdrm; C:\WINDOWS\system32\Drivers\incdrm.sys [27648 2004-08-26] (Ahead Software AG) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
R3 IWCA; C:\WINDOWS\System32\DRIVERS\iwca.sys [234496 2004-08-12] (Intel Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-10-01] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
S3 odysseyIM4; C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys [173056 2004-09-24] (Funk Software, Inc.) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\system32\Drivers\Parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Pcmcia; C:\WINDOWS\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
S3 Point32; C:\WINDOWS\System32\DRIVERS\point32.sys [21760 2005-12-01] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RFCOMM; C:\WINDOWS\System32\DRIVERS\rfcomm.sys [59136 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ROOTMODEM; C:\WINDOWS\System32\Drivers\RootMdm.sys [5888 2004-08-04] (Microsoft Corporation) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-10-15] (Intel Corporation) [File not signed]
R3 sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S2 Serial; C:\WINDOWS\system32\Drivers\Serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
R1 SerTVOutCtlr; C:\WINDOWS\System32\drivers\EPIOMngr.sys [6400 2004-07-30] (COMPAL ELECTRONIC INC.) [File not signed]
S3 sffdisk; C:\WINDOWS\System32\DRIVERS\sffdisk.sys [11904 2008-04-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\WINDOWS\System32\DRIVERS\sffp_sd.sys [11008 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Sfloppy; C:\WINDOWS\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
S4 sr; C:\WINDOWS\system32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R1 SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [6400 2005-04-20] (COMPAL ELECTRONIC INC.) [File not signed]
R1 SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [6400 2005-04-20] (COMPAL ELECTRONIC INC.) [File not signed]
S3 StillCam; C:\WINDOWS\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R2 TBiosDrv; C:\WINDOWS\system32\drivers\TBiosDrv.sys [6867 2003-06-11] () [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
R3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [162560 2005-11-30] (Texas Instruments) [File not signed]
R1 TPwSav; C:\WINDOWS\System32\Drivers\TPwSav.sys [8704 2005-02-25] (TOSHIBA ) [File not signed]
R3 Tvs; C:\WINDOWS\System32\DRIVERS\Tvs.sys [29056 2005-04-15] (TOSHIBA Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3222784 2004-10-29] (Intel® Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
S4 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-04] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [230400 2005-03-30] (Marvell)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [14208 2008-04-13] (Microsoft Corporation) [File not signed]
S4 portD; system32\DRIVERS\portd2k.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
S4 StickyMesger; \??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys [X]
S4 TfFsMon; system32\drivers\TfFsMon.sys [X]
S4 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
S4 TFSysMon; system32\drivers\TfSysMon.sys [X]
S4 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 16:01 - 2014-11-30 16:02 - 00043914 _____ () C:\Documents and Settings\HPLA\Desktop\FRST.txt
2014-11-30 16:01 - 2014-11-30 16:01 - 00000000 ____D () C:\FRST
2014-11-30 15:58 - 2014-11-30 15:58 - 01109504 _____ (Farbar) C:\Documents and Settings\HPLA\Desktop\FRST.exe
2014-11-29 22:54 - 2014-11-30 15:49 - 00000000 ____D () C:\AdwCleaner
2014-11-29 22:44 - 2014-11-29 22:44 - 02148864 _____ () C:\Documents and Settings\HPLA\Desktop\adwcleaner_4.102.exe
2014-11-25 12:14 - 2014-11-25 12:14 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-25 12:14 - 2014-11-25 12:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-25 12:00 - 2014-11-25 12:00 - 00000000 ____H () C:\Documents and Settings\Administrator\S-1-5-21-3516338271-79847034-268398124-500.rrr.LOG
2014-11-22 11:40 - 2014-11-22 11:40 - 01452676 _____ () C:\Documents and Settings\HPLA\My Documents\AutoRuns.arn
2014-11-21 13:28 - 2014-11-21 13:28 - 00512646 _____ () C:\Documents and Settings\HPLA\My Documents\metal building.bmp
2014-11-21 00:59 - 2014-11-21 01:00 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\3_C H A R T S
2014-11-20 22:37 - 2014-11-20 22:38 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\Bookmark Backup
2014-11-20 13:52 - 2014-11-20 14:43 - 00000000 ____D () C:\Documents and Settings\HPLA\Desktop\mbar
2014-11-19 03:00 - 2014-11-30 15:17 - 00060742 _____ () C:\WINDOWS\system32\AppLog.log
2014-11-18 18:29 - 2014-11-18 18:29 - 00000059 _____ () C:\Documents and Settings\HPLA\Desktop\Bleeping Computer - Technical Support and Computer Help.URL
2014-11-18 16:47 - 2014-11-18 16:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-18 15:50 - 2014-11-18 15:51 - 00788728 _____ (Emsisoft GmbH) C:\Documents and Settings\HPLA\Desktop\mbrmastr.exe
2014-11-18 14:41 - 2014-11-25 12:00 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-18 14:41 - 2014-11-18 15:24 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-11-18 14:41 - 2010-03-06 15:43 - 00000775 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-11-18 14:41 - 2009-05-17 02:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-11-18 14:41 - 2008-11-24 16:36 - 00001607 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-11-18 14:41 - 2008-11-23 01:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AOL
2014-11-18 14:41 - 2008-11-23 00:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Intel
2014-11-18 14:41 - 2005-05-23 15:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Intuit
2014-11-18 14:41 - 2005-05-23 15:24 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\My eBooks
2014-11-18 14:41 - 2005-05-23 15:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InterTrust
2014-11-18 14:41 - 2005-05-23 15:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-11-18 14:41 - 2005-05-23 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\toshiba
2014-11-18 14:41 - 2005-05-23 14:45 - 00000000 ____D () C:\Documents and Settings\Administrator\WINDOWS
2014-11-18 14:41 - 2005-05-23 10:59 - 00000746 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-11-18 14:41 - 2005-05-23 10:59 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-11-15 08:18 - 2014-11-22 11:36 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 08:18 - 2014-11-22 11:36 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 12:40 - 2014-11-30 15:19 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-13 14:08 - 2014-11-13 14:08 - 00000859 _____ () C:\Documents and Settings\HPLA\Desktop\PayPal.URL
2014-11-12 20:29 - 2014-11-12 20:29 - 00000000 ____D () C:\Documents and Settings\HPLA\Application Data\Ahead
2014-11-06 07:45 - 2014-11-30 15:17 - 00000254 _____ () C:\WINDOWS\Tasks\RMSchedule.job
2014-11-06 07:38 - 2014-11-30 15:52 - 00000252 _____ () C:\WINDOWS\Tasks\RMAutoUpdate.job
2014-11-01 19:34 - 2014-11-01 19:34 - 04184008 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HPLA\Desktop\tdsskiller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 15:58 - 2014-04-26 09:36 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-30 15:54 - 2013-03-20 12:41 - 00609926 _____ () C:\WINDOWS\setupapi.log
2014-11-30 15:52 - 2014-05-06 03:08 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 15:52 - 2010-03-06 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-11-30 15:52 - 2005-05-23 10:53 - 01168319 ____C () C:\WINDOWS\WindowsUpdate.log
2014-11-30 15:51 - 2010-04-29 18:56 - 00000000 ____D () C:\Program Files\Registry Mechanic
2014-11-30 15:51 - 2005-05-23 10:58 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-11-30 15:51 - 2005-05-23 03:49 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-11-30 15:51 - 2005-05-23 03:49 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-11-30 15:49 - 2012-05-07 10:48 - 00000278 __SHC () C:\Documents and Settings\HPLA\ntuser.ini
2014-11-30 15:49 - 2005-05-23 10:58 - 00032584 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-29 22:39 - 2009-04-14 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\pdf995
2014-11-25 23:29 - 2013-06-08 09:58 - 00000000 ____D () C:\Documents and Settings\HPLA\Application Data\vlc
2014-11-25 21:19 - 2012-04-20 08:05 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-25 21:19 - 2011-06-27 01:52 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 12:15 - 2014-04-26 09:36 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-25 12:15 - 2014-04-26 09:36 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-25 12:14 - 2014-04-26 09:36 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-25 12:14 - 2014-04-26 09:36 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-11-25 12:14 - 2014-04-26 09:36 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-25 12:14 - 2014-04-26 09:36 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-11-25 12:14 - 2014-04-26 09:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-25 12:14 - 2014-04-26 09:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-25 12:12 - 2014-04-26 09:36 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-11-25 12:11 - 2014-04-26 09:36 - 00253640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-11-25 12:01 - 2005-05-23 03:45 - 44564480 _____ () C:\WINDOWS\system32\config\software.rmbak
2014-11-25 12:00 - 2014-05-24 10:25 - 00360448 _____ () C:\WINDOWS\system32\config\default.rrr
2014-11-25 12:00 - 2013-12-28 09:56 - 01146880 _____ () C:\Documents and Settings\ADMINISTRATOR-2\s-1-5-21-3516338271-79847034-268398124-1009.rrr
2014-11-25 12:00 - 2013-10-10 11:02 - 00000000 ____D () C:\Documents and Settings\ADMINISTRATOR-2
2014-11-25 12:00 - 2012-05-07 10:48 - 00000000 ____D () C:\Documents and Settings\HPLA
2014-11-25 12:00 - 2011-02-21 12:43 - 00155648 _____ () C:\Documents and Settings\NetworkService\s-1-5-20.rrr
2014-11-25 12:00 - 2005-05-23 10:58 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-23 22:29 - 2013-08-25 13:16 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\Download Confirmations
2014-11-20 14:43 - 2014-10-28 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-18 19:21 - 2012-04-26 01:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-18 13:21 - 2005-05-23 03:41 - 00000000 ____D () C:\WINDOWS\Media
2014-11-17 17:36 - 2008-12-01 21:33 - 00002487 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2014-11-15 23:33 - 2014-09-16 13:07 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\D O W N L O A D S
2014-11-13 15:27 - 2008-11-24 16:29 - 00000000 ____D () C:\Program Files\Hardcopy
2014-11-12 23:17 - 2013-06-08 09:41 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\2_B O A T
2014-11-12 20:34 - 2013-06-08 09:44 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\Motorcycle Trips
2014-11-12 20:19 - 2013-06-08 09:44 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\My Pics
2014-11-12 20:01 - 2014-01-13 17:03 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\Download Tax Info
2014-11-12 19:57 - 2013-06-08 09:43 - 00000000 ____D () C:\Documents and Settings\HPLA\My Documents\Land
2014-11-09 21:36 - 2009-12-22 13:09 - 00000790 ____C () C:\WINDOWS\pstudio.ini
2014-11-07 17:41 - 2005-05-23 03:46 - 00074632 ____C () C:\WINDOWS\system32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Edited by nasdaq, 01 December 2014 - 11:19 AM.


#11 nasdaq


Posted 01 December 2014 - 11:32 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
BHO: MCIEPlugIn Class -> {C09C9904-FD44-11D6-A711-00105AC8F168} -> No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKU\S-1-5-21-3516338271-79847034-268398124-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
ShellExecuteHooks: MCOEShellHook Class - {B9E618A2-A4FE-11D4-83C2-005004636C96} - No File [ ]
S4 gupdate1c9ad97b995accd; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
S4 portD; system32\DRIVERS\portd2k.sys [X]
S4 StickyMesger; \??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys [X]
S4 TfFsMon; system32\drivers\TfFsMon.sys [X]
S4 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
S4 TFSysMon; system32\drivers\TfSysMon.sys [X]
S4 wanatw; system32\DRIVERS\wanatw4.sys [X]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#12 mlester47


Posted 01 December 2014 - 05:51 PM

[attachment=158777:Fixlog.txt]
 
[attachment=158780:checkup.txt]
 
 
Results of screen317's Security Check version 0.99.91
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 2.0.3.1025
Java 7 Update 71
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 15.0.0.239
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (33.1.1)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Infection still present...

Edited by nasdaq, 02 December 2014 - 08:08 AM.


#13 nasdaq


Posted 02 December 2014 - 08:11 AM


Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please let me know what exactly is the problem with this computer.

#14 mlester47


Posted 02 December 2014 - 04:42 PM

1. Click on "Report" and copy/paste the content of the Notepad into your next reply

2. Please let me know what exactly is the problem with this computer.

1. Well, I'm not sure you understood me earlier when I informed you that there appears to be no way to 'copy/paste' to a reply on this site. I can't open a text file from my desktop, copy it, come to the reply section of this topic, right-click and find a 'paste' option.

So I have decided to attach it instead.    [attachment=158811:RKreport_DEL_12022014_134638.log]

2. Every time Avast runs a 'quick' or 'full' scan of my computer, detection is as follows:

       File Name;  MBR:\\ \PHYSICALDRIVE0\Partition1    THREAT: CIDOX-A (rtk)

       I'm almost sure that's the heading for this topic.

Now I have a question for you. Is there anything you can instruct me to do that will remove this infection OR are we going to continue to just 'pull the pants down' on my computer? Hmmmmm?



#15 nasdaq


Posted 03 December 2014 - 09:35 AM


I can't open a text file from my desktop, copy it, come to the reply section of this topic


Download GetOpenClipboardWindow.zip from here:
http://windowsxp.mvps.org/temp/GetOpenClipboardWindow.zip

Follow the instructions on this page.

http://www.howtofixcomputers.com/bb/ftopic140408.html
===


2. Every time Avast runs a 'quick' or 'full' scan of my computer, detection is as follows:

File Name; MBR:\\ \PHYSICALDRIVE0\Partition1 THREAT: CIDOX-A (rtk)


Possibly your MBR is infected.

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.
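
An added example, not part of the thread or of any tool named in it: a small Python parser for a classic 512-byte master boot record, the kind of sector the MBR scan above is meant to inspect. It assumes the input is a raw dump of the disk's first sector (whether MBR.dat has exactly that layout is an assumption) and that "Partition1" in the detection name refers to the first partition's boot sector; the sample sector is constructed.

```python
import hashlib
import struct

SECTOR = 512  # classic MBR layout: 446 bytes boot code, 4 x 16-byte entries, 0x55AA

def parse_mbr(sector: bytes) -> dict:
    """Parse a raw 512-byte MBR sector (assumed: unmodified dump of sector 0)."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i + 1, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "boot_sector_offset": lba * SECTOR})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": partitions}

def review(mbr: dict, known_good_sha256=None) -> list:
    """Return structural findings; optionally compare boot code to a baseline hash."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']}: starts at LBA 0, overlapping the MBR")
    if known_good_sha256 and mbr["boot_code_sha256"] != known_good_sha256:
        findings.append("boot code differs from the known-good baseline")
    return findings

def build_sample() -> bytes:
    """Constructed sector: zeroed boot code, one active NTFS partition at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 156280257)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    mbr = parse_mbr(build_sample())
    print(mbr["partitions"], review(mbr))
```

The `boot_sector_offset` value is the byte offset on the disk where each partition's own boot sector begins, which is the next sector to dump and hash when a scanner names a partition rather than sector 0.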



