
FB Password Reset virus


  • This topic is locked
71 replies to this topic

#1 Geogbuff

  • Members
  • 55 posts

Posted 17 December 2014 - 05:22 PM

Hello. Two days ago I downloaded something called "FB Password Reset Form" after I received an email message that said "someone requested a new password for your Facebook account." My computer then shut down and restarted. Realizing that it was spam and a virus, I did a scan through Malwarebytes and it found 7 things and quarantined them. McAfee also found one thing and got rid of it. Today I noticed that my computer now runs very slowly. Also, I still have Windows XP and I know that it is no longer supported but I do intend to upgrade to Windows 7 or 8 soon. Please help me fix my problem.




#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,550 posts

Posted 22 December 2014 - 05:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560192 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Geogbuff

  • Topic Starter

  • Members
  • 55 posts

Posted 23 December 2014 - 01:04 AM

I'm sorry, I do not have my original Windows CD available.
Geogbuff



Edited by Geogbuff, 23 December 2014 - 01:19 AM.


#4 ken545

  • Malware Response Team
  • 1,685 posts
  • Location: The Space Coast of Florida

Posted 23 December 2014 - 06:34 PM

Sorry for the delay, let's run a couple of tools that will show us more than DDS will.

 

Please download aswMBR to your desktop.

  • Right click the aswMBR icon and select Run as Administrator
  • XP users just Double Click it to run
  • If it says that this computer supports VIRTUALIZATION TECHNOLOGY do you want to use it say Yes
  • Click the Scan button to start scan.
  • Select Quickscan on the dropdown list
  • If you are asked to update the Avast Virus database please allow it to do so.
  • The scan could take 20 minutes or more, please be patient and let it finish
  • It will say Scan Finished when it's done.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
    • List BCD
    • Drivers MD5
    • Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

 



Just a reminder that threads will be closed if no response in 3 days


#5 Geogbuff

  • Topic Starter

  • Members
  • 55 posts

Posted 24 December 2014 - 10:02 PM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-24 21:30:34
-----------------------------
21:30:34.703    OS Version: Windows 5.1.2600 Service Pack 3
21:30:34.703    Number of processors: 2 586 0x409
21:30:34.703    ComputerName: TRENT  UserName: Tre
21:31:34.125    Initialize success
21:31:37.562    VM: initialized successfully
21:31:37.718    VM: Intel CPU virtualization not supported 
21:49:04.953    AVAST engine defs: 14122401
21:58:55.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
21:58:55.875    Disk 0 Vendor: ST3200826A 3.03 Size: 190782MB BusType: 3
21:58:56.875    Disk 0 MBR read successfully
21:58:56.906    Disk 0 MBR scan
21:58:57.093    Disk 0 unknown MBR code
21:58:57.125    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       186277 MB offset 9221310
21:58:57.265    Disk 0 unknown boot code
21:58:57.406    Disk 0 Partition 2 00     0B        FAT32 RECOVERY     4502 MB offset 63
21:58:57.718    Disk 0 statistics 287/0/0 @ 0.20 MB/s
21:58:57.781    Scan finished successfully
22:00:19.406    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tre\My Documents\MBR.dat"
22:00:19.578    The log file has been saved successfully to "C:\Documents and Settings\Tre\My Documents\aswMBR.txt"
 
___________________________________________________________________
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-12-2014
Ran by Tre (administrator) on TRENT on 24-12-2014 22:32:13
Running from C:\Documents and Settings\Tre\My Documents\Downloads
Loaded Profile: Tre (Available profiles: Owner & Tre & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Fun4Trent\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Fun4Trent\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBK370backup.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files\Fun4Trent\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk Live\PDWebWmi.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 2300 Series\ezprint.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
( ) C:\WINDOWS\system32\lxcgcoms.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Google Inc.) C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [lxcgmon.exe] => C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [200704 2005-07-21] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2300 Series\ezprint.exe [94208 2005-08-01] (Lexmark International Inc.)
HKLM\...\Run: [LXCGCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16                                                                                                                         (the data entry has 59 more characters).
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Reminder] => C:\WINDOWS\Creator\Remind_XP.exe [966656 2005-02-25] (SoftThinks)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-03-01] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [15797248 2005-12-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [DW7] => "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [Google Update] => C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [ProPCCleaner] => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [ihecewib] => "C:\Documents and Settings\Tre\Local Settings\Application Data\bcfomhsk.exe"
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\RunOnce: [SWHelper] => C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe [53248 2010-08-25] ()
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Royal Sands Casino.lnk
ShortcutTarget: Royal Sands Casino.lnk -> C:\Program Files\Royal Sands Casino\casino.exe (No File)
ShellIconOverlayIdentifiers: [MOBK370] -> {bff4e73d-267c-bcf4-4da5-d1acf704e06f} => C:\Program Files\McAfee Online Backup\MOBK370shell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3702] -> {79f9dbf4-54df-187d-6044-a5a7749063fc} => C:\Program Files\McAfee Online Backup\MOBK370shell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3703] -> {967bbfb6-5c39-7f69-f270-ff9bb7956f30} => C:\Program Files\McAfee Online Backup\MOBK370shell.dll (McAfee, Inc.)
BootExecute: PDBoot.exeautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8074
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5062E
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {362269bd-c93c-460f-9255-3bd667eb7f0a} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {E06F1D74-4C02-41ED-9FFA-E2C9FAB54E54} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} http://www.riverbelle.com/download_helper/Nyoko.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.com/play/classic/SimCityX.cab
DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} http://chat.yahoo.com/cab/yvwrctl.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Tre\Application Data\Mozilla\Firefox\Profiles\pg6c1h6a.default-1393101600734
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3550008426-1246109893-1517987788-1008: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3550008426-1246109893-1517987788-1008: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Shopop Widget - C:\Documents and Settings\Tre\Application Data\Mozilla\Firefox\Profiles\pg6c1h6a.default-1393101600734\Extensions\{0a1b923c-19f5-0e97-e99a-707f48578297} [2014-11-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG10\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox [2010-11-06]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF Extension: AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2012-03-31]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-13]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-01]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-13]
FF Extension: No Name - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-02-13]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S4 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [517448 2010-10-06] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [3210176 2010-09-10] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6104656 2010-10-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [265400 2010-09-10] (AVG Technologies CZ, s.r.o.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon) [File not signed]
S2 iWonIEService; C:\Program Files\iWonIE\bar\1.bin\idbarsvc.exe [28766 2011-02-24] (iWon) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-26] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R3 lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [491520 2005-07-25] ( )
R2 MBAMScheduler; C:\Program Files\Fun4Trent\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Fun4Trent\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MOBK370backup; C:\Program Files\McAfee Online Backup\MOBK370backup.exe [216888 2010-11-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 PDWebWmi; C:\Program Files\Raxco\PerfectDisk Live\PDWebWmi.exe [210448 2005-07-20] (Raxco Software, Inc.)
S3 PDWEngine; C:\Program Files\Raxco\PerfectDisk Live\PDWEngine.exe [591376 2005-07-20] (Raxco Software, Inc.)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2006-02-16] (New Boundary Technologies, Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30432 2010-07-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30432 2010-07-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [249424 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [9072 2012-07-11] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9200 2012-07-11] (Sonic Solutions)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R2 Defrag32; C:\WINDOWS\system32\Drivers\Defrag32.sys [61920 2005-06-28] (Raxco Software, Inc.)
R0 Defrag32b; C:\WINDOWS\system32\Drivers\Defrag32b.sys [61920 2005-06-28] (Raxco Software, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1033600 2005-03-17] (Conexant Systems, Inc.)
S3 JL2005C; C:\WINDOWS\System32\Drivers\jl2005c.sys [69098 2009-05-25] (Windows ® 2000 DDK provider) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-24] (Malwarebytes Corporation)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
R1 MOBK370Filter; C:\WINDOWS\System32\DRIVERS\MOBK370.sys [54776 2010-11-29] (Mozy, Inc.)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-13] (Realtek Semiconductor Corporation                           )
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 AVGIDSDriver; system32\DRIVERS\AVGIDSDriver.Sys [X]
S4 AVGIDSEH; system32\DRIVERS\AVGIDSEH.Sys [X]
S4 AVGIDSFilter; system32\DRIVERS\AVGIDSFilter.Sys [X]
S4 AVGIDSShim; system32\DRIVERS\AVGIDSShim.Sys [X]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
S4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 F-Secure Standalone Minifilter; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [X]
U0 mfewfpk; No ImagePath
S0 nkflkhfw; System32\drivers\njxq.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 aswMBR; \??\C:\DOCUME~1\Tre\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\Tre\LOCALS~1\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 22:07 - 2014-12-24 22:33 - 00000000 ____D () C:\FRST
2014-12-24 22:00 - 2014-12-24 22:00 - 00001313 _____ () C:\Documents and Settings\Tre\My Documents\aswMBR.txt
2014-12-24 22:00 - 2014-12-24 22:00 - 00000512 _____ () C:\Documents and Settings\Tre\My Documents\MBR.dat
2014-12-21 05:09 - 2014-12-21 05:10 - 00286378 _____ () C:\avenger.txt
2014-12-21 05:09 - 2014-12-21 05:09 - 00000000 ____D () C:\Avenger
2014-12-20 14:46 - 2014-12-20 14:46 - 00000000 __SHD () C:\found.003
2014-12-17 11:01 - 2014-12-17 11:01 - 00000000 __SHD () C:\found.002
2014-12-16 08:09 - 2014-12-16 08:09 - 00000664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.tmp
2014-12-09 02:01 - 2014-12-09 02:01 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-12-09 02:01 - 2014-12-09 02:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-12-09 02:00 - 2014-12-09 02:01 - 00000000 ____D () C:\Program Files\iTunes
2014-12-09 02:00 - 2014-12-09 02:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-09 02:00 - 2014-12-09 02:00 - 00000000 ____D () C:\Program Files\iPod
2014-11-29 14:35 - 2014-11-29 14:35 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-29 14:30 - 2014-11-29 14:30 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-11-29 14:30 - 2014-11-29 14:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-11-29 14:29 - 2014-11-29 14:30 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-29 14:22 - 2014-11-29 14:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-29 14:19 - 2014-11-29 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 22:40 - 2012-05-13 16:47 - 00000000 ____D () C:\Documents and Settings\Tre\Local Settings\temp
2014-12-24 22:40 - 2010-06-24 09:29 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{074A025A-C5E4-4E06-BC59-FC3E671B395E}.job
2014-12-24 22:00 - 2012-07-06 08:13 - 00000340 _____ () C:\WINDOWS\Tasks\CandyUpdater.job
2014-12-24 21:55 - 2004-08-26 13:02 - 01540258 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-24 21:52 - 2010-04-04 14:00 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008UA.job
2014-12-24 21:42 - 2010-04-30 09:30 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 21:41 - 2012-11-10 18:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-24 21:24 - 2014-11-20 15:36 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 21:21 - 2014-02-13 04:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-12-24 21:11 - 2014-02-13 04:26 - 00000000 __RSD () C:\Documents and Settings\Tre\My Documents\McAfee Vaults
2014-12-24 21:06 - 2012-02-13 00:04 - 00054421 _____ () C:\lxcg.log
2014-12-24 21:00 - 2006-02-16 07:44 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-12-24 20:59 - 2012-02-12 08:41 - 00323576 _____ () C:\lxcgscan.log
2014-12-24 20:58 - 2004-08-26 05:58 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-12-24 20:58 - 2004-08-26 05:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-24 20:57 - 2014-11-14 11:45 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0002a55ff289a.job
2014-12-24 20:57 - 2014-10-25 23:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cff0d77418983c.job
2014-12-24 20:57 - 2014-03-16 17:27 - 00000296 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-24 20:57 - 2014-03-16 17:23 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-12-24 20:57 - 2014-03-16 17:15 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-24 20:57 - 2014-03-02 14:04 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-12-24 20:57 - 2011-01-02 17:23 - 00000270 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1013.job
2014-12-24 20:57 - 2010-12-25 10:39 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-12-24 20:57 - 2010-12-24 04:25 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-24 20:57 - 2010-04-30 09:30 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 20:55 - 2004-08-26 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-23 17:46 - 2004-08-26 13:08 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-23 17:45 - 2014-11-20 13:49 - 00000296 _____ () C:\WINDOWS\Tasks\ProPCCleaner_Popup.job
2014-12-23 17:30 - 2012-05-13 16:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2014-12-23 16:56 - 2014-11-14 16:51 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core1d000552cfff91c.job
2014-12-23 16:56 - 2014-10-25 18:51 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core1cff0aea4259b5c.job
2014-12-23 16:45 - 2014-02-13 04:20 - 00000000 __RSD () C:\Documents and Settings\Owner\My Documents\McAfee Vaults
2014-12-23 01:50 - 2009-12-20 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-23 00:46 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\Help
2014-12-22 23:35 - 2004-08-26 11:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-21 05:07 - 2006-09-03 13:22 - 00000278 ___SH () C:\Documents and Settings\Tre\ntuser.ini
2014-12-21 05:04 - 2009-09-30 01:46 - 00000000 __HDC () C:\WINDOWS\ie8
2014-12-21 04:56 - 2012-08-17 17:13 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-17 22:30 - 2012-07-10 08:57 - 00000664 _____ () C:\Documents and Settings\Tre\Local Settings\Application Data\d3d9caps.dat
2014-12-17 11:10 - 2010-12-15 07:40 - 00000000 ____D () C:\Program Files\McAfee
2014-12-16 21:12 - 2004-08-26 13:09 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-16 19:56 - 2010-04-04 14:00 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core.job
2014-12-16 08:42 - 2014-03-05 08:07 - 00000664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.dat
2014-12-16 07:55 - 2006-05-17 16:53 - 00000000 ____D () C:\Program Files\Lx_cats
2014-12-15 02:18 - 2014-02-02 08:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-12-15 00:37 - 2014-11-20 15:34 - 00000665 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-15 00:37 - 2014-11-20 15:34 - 00000000 ____D () C:\Program Files\Fun4Trent
2014-12-15 00:37 - 2014-11-20 15:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Fun4Trent
2014-12-14 19:41 - 2010-11-11 23:09 - 00322462 _____ () C:\WINDOWS\wmsetup.log
2014-12-14 17:26 - 2011-01-02 17:23 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1013.job
2014-12-14 14:33 - 2010-11-11 19:29 - 00693591 _____ () C:\WINDOWS\setupapi.log
2014-12-13 15:56 - 2014-02-02 08:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 15:39 - 2006-05-19 09:40 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 12:08 - 2014-03-08 23:09 - 00002268 _____ () C:\Documents and Settings\Tre\Desktop\Google Chrome.lnk
2014-12-13 12:00 - 2010-02-14 04:17 - 00000000 ____D () C:\Documents and Settings\Tre\Application Data\Apple Computer
2014-12-09 16:24 - 2012-10-26 18:18 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-09 16:24 - 2012-06-08 10:24 - 00014848 _____ () C:\Documents and Settings\Owner\My Documents\AsstManager.wps
2014-12-09 16:24 - 2006-08-22 10:32 - 00032990 _____ () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2014-12-09 02:00 - 2010-12-04 15:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-09 01:59 - 2014-03-08 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-09 01:53 - 2006-02-16 07:10 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-12-08 21:05 - 2010-12-24 04:25 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-08 10:46 - 2010-12-25 10:39 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-12-06 15:49 - 2014-11-10 11:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-06 15:49 - 2014-01-26 21:09 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-06 15:49 - 2014-01-26 21:09 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-12-06 15:49 - 2014-01-26 21:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-06 15:46 - 2014-04-26 19:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-12-06 15:46 - 2007-04-20 11:34 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-12-06 13:04 - 2014-03-16 18:13 - 00001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2014-12-06 13:02 - 2014-03-25 21:23 - 00002199 _____ () C:\Documents and Settings\Tre\Desktop\QuickTime Player.lnk
2014-12-04 21:40 - 2014-03-02 14:04 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-11-29 14:38 - 2014-05-01 23:54 - 00012937 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-11-29 14:38 - 2014-04-19 19:32 - 00018479 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-11-29 14:34 - 2007-01-19 16:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-29 14:32 - 2012-05-07 07:13 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-29 14:32 - 2011-05-15 11:28 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-29 14:19 - 2006-02-16 07:17 - 00000000 ____D () C:\Program Files\Java
2014-11-29 11:49 - 2010-11-19 07:25 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-29 11:49 - 2006-09-03 13:22 - 00000000 ____D () C:\Documents and Settings\Tre
2014-11-29 11:49 - 2004-08-26 13:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-11-29 11:49 - 2004-08-26 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-29 11:49 - 2004-08-26 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-29 11:49 - 2004-08-26 13:01 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-29 11:39 - 2012-05-13 16:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
 
Files to move or delete:
====================
C:\Documents and Settings\Owner\GoToAssist_chat2way__317_en.exe
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite12396.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite14652.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite27111.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite28625.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite48809.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite53478.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite61369.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite62985.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite64975.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite82250.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite95361.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite99710.dll
C:\Documents and Settings\Tre\Local Settings\temp\APNSetup.exe
C:\Documents and Settings\Tre\Local Settings\temp\bcicabebjbjf.exe
C:\Documents and Settings\Tre\Local Settings\temp\fixutil.exe
C:\Documents and Settings\Tre\Local Settings\temp\GUR1.exe
C:\Documents and Settings\Tre\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Tre\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite11995.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite18009.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite21040.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite31408.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite31887.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite33460.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite36516.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite40033.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite44225.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite46257.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite49148.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite50124.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite54354.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite56950.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite59670.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite76613.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite81683.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite83021.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite83584.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite96699.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite99123.dll
C:\Documents and Settings\Tre\Local Settings\temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
 

Edited by Geogbuff, 24 December 2014 - 10:59 PM.


#6 ken545

Malware Response Team

Posted 25 December 2014 - 06:51 AM

Good Morning,

 

When you ran FRST you did not post the Additions log. I need to see that also, but hold off on it for a bit; let's do some other things first.

 

Download MiniToolBox and save it to your desktop, right click on it and select RUN AS ADMINISTRATOR

Checkmark the following boxes:
  • Flush DNS
  • Reset IE Proxy Settings

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
 
 
 
=================================================================================
 
 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes
 

 



 

Just a reminder that threads will be closed if no response in 3 days


#7 Geogbuff


Posted 25 December 2014 - 05:53 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Tre (administrator) on 25-12-2014 at 11:04:45
Running from "C:\Documents and Settings\Tre\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
**** End of log ****


#8 Geogbuff


Posted 25 December 2014 - 05:56 PM

# AdwCleaner v4.106 - Report created 25/12/2014 at 11:30:38
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Tre - TRENT
# Running from : C:\Documents and Settings\Tre\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : AVG Security Toolbar Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Free Ride Games
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ytd video downloader
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Celebrity Toolbar
Folder Deleted : C:\Program Files\LPT
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\Program Files\YTD Toolbar
Folder Deleted : C:\Program Files\AVG\AVG10\Toolbar
Folder Deleted : C:\Program Files\Common Files\Viewpoint
Folder Deleted : C:\DOCUME~1\Tre\LOCALS~1\Temp\apn
Folder Deleted : C:\DOCUME~1\Tre\LOCALS~1\Temp\Smartbar
Folder Deleted : C:\DOCUME~1\Tre\LOCALS~1\Temp\snipsmart
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\visi_coupon
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Ask.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Owner\Application Data\verizontb
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Documents and Settings\Tre\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Tre\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Tre\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Tre\Local Settings\Application Data\Slick Savings
Folder Deleted : C:\Documents and Settings\Tre\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Tre\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Tre\Application Data\toolbar2
Folder Deleted : C:\Documents and Settings\Tre\Application Data\Viewpoint
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : ProPCCleaner_Popup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{27CE306B-9ECF-439D-8F44-71E344D5CE1F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{362269bd-c93c-460f-9255-3bd667eb7f0a}
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\PlaySushi
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\iWon
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v
 
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=HySvBWtDi.LHlTyZ1CQXcA&url=hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&n=77ce7e8d
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=HySvBWtDi.LHlTyZ1CQXcA&url=hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&n=77ce7e8d
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=ct1320680
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=ct1320680
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=11413326-1b40-4e9a-8e44-1d15ab88f479&apn_ptnrs=L6&apn_sauid=BC18847E-8DF2-425F-9514-A8B2E0E4FD6A&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=11413326-1b40-4e9a-8e44-1d15ab88f479&apn_ptnrs=L6&apn_sauid=BC18847E-8DF2-425F-9514-A8B2E0E4FD6A&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=sb&qsrc=2869
[C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.nydailynews.com/search-results/search-results-7.113?q={searchTerms}&selecturl=site
[C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [15750 octets] - [25/12/2014 11:14:54]
AdwCleaner[S0].txt - [14965 octets] - [25/12/2014 11:30:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15026 octets] ##########


#9 Geogbuff

Posted 25 December 2014 - 05:59 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/25/2014
Scan Time: 12:53:17 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.25.10
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Tre
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 445757
Time Elapsed: 3 hr, 38 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8074, , [ec22481fa1db21156641a0271de645bb]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Kovter, c:\documents and settings\tre\local settings\temp\fixutil.exe, , [67a7d0970e6e1a1ca2ea8c70b64bea16], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 Geogbuff

Posted 25 December 2014 - 06:13 PM

A log from the Junkware Removal Tool did not open after I downloaded and ran it.

 

I tried to post the Additions log from FRST but I had difficulty doing so, but I'm going to try again.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-12-2014

Ran by Tre at 2014-12-24 22:41:18
Running from C:\Documents and Settings\Tre\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1153 - AVG Technologies)
AVG 2011 (Version: 10.0.1153 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.424 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania 3 (Version: 3.6.1.4 - Sandlot) Hidden
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Coby Media Manager (HKLM\...\{6EC0BE33-4BDF-419B-AFC3-40E06BCEA536}) (Version: 1.0.2623 - Coby)
DVD Solution (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
Encyclopaedia Britannica CD Installer (HKLM\...\Encyclopaedia Britannica CD Installer) (Version: 2006.0.0.0 - Encyclopaedia Britannica, Inc.)
ESSBrwr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Google Chrome (HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Hoyle Casino 2006 (remove only) (HKLM\...\HCS10DL) (Version:  - )
Hoyle Friday Night Poker (HKLM\...\{A17FD8C6-1AC2-46E7-AD0A-70C602C3504D}) (Version: 2.0.0.0 - Encore, Inc.)
Hoyle Kids Games 2 (HKLM\...\{6E2061C5-D96D-4358-9657-CDC4A5C8F191}) (Version: 1.0.0.0 - Encore, Inc.)
IHA_MessageCenter (HKLM\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Lexmark 2300 Series (HKLM\...\Lexmark 2300 Series) (Version:  - )
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Online Backup (Version:  - McAfee, Inc.) Hidden
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
McAfee Total Protection (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) 

Edited by Geogbuff, 25 December 2014 - 06:14 PM.


#11 Geogbuff

Posted 25 December 2014 - 06:17 PM

(Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 Trial (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MostFun.com Games - Cake Mania 3 (remove only) (HKLM\...\MostFun.com Games - Cake Mania 3) (Version: 3.6.1.4 - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Move Networks Player - IE) (Version:  - )
Move Networks Player for Internet Explorer (HKLM\...\Move Networks Player_is1) (Version:  - Move Networks)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.0.3.7 - Napster)
Napster Burn Engine (Version: 2.5.0000 - Roxio) Hidden
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
PerfectDisk Live (HKLM\...\{318EA6FA-B534-4C9D-945D-DCE9C14AC947}) (Version: 7.00.047 - RAXCO)
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
PreVisor Simulation Player 2.0e Update (HKLM\...\{78006003-D0E7-4031-A89B-C9833B59E6D0}) (Version: 1.00.0000 - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.02 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Software Suite Gateway (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - Gateway)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shopop (HKLM\...\{84A3EF68-78BA-4D9B-80B3-0B9F70FC3CA9}) (Version: 11.119.68.19926 - My Pop Shop Ltd.) <==== ATTENTION
SimCity 4 Deluxe (HKLM\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
skin0001 (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version:  - )
staticcr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Apprentice 2 - Los Angeles (remove only) (HKLM\...\The Apprentice 2 - Los Angeles) (Version: 3.3.9.11 - )
The Apprentice 2 - Los Angeles (Version: 3.3.9.11 - Yahoo) Hidden
The Sims™ 2 Double Deluxe (HKLM\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version:  - )
VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Web CEO 6.5 (HKLM\...\WebCEO55_is1) (Version: 6.5 - Web CEO Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WIRELESS (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
YTD Toolbar v8.7 (HKLM\...\{A91FB65F-4C84-4693-8FE1-71FE9D3169D9}) (Version: 8.7 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 4.8.7 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.7 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{013F891C-58A8-42F1-BA17-A3954DDED562}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{073258F7-8BC6-4a64-A4E7-919E4D32DC63}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACWMA.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{12897008-A82D-4267-92A3-04D22450D565}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXAudioCodec.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{1C6E0E46-4E5F-492D-B946-44291B931361}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{2000AA1D-2E7C-4EBA-9893-DAE4EF5E1FE5}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{403BD5FD-724C-4D96-86ED-B9E3A2ACBD8E}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{616A7D2A-A222-4083-8FF2-363141AFBC56}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No (the data entry has 5 more characters).


#12 Geogbuff

Posted 25 December 2014 - 06:18 PM

CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{8917825A-AFBC-40C1-BC8A-CD0DC7F7A6E2}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{A0A0888B-8977-45b5-B884-57CC3A164650}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACMP3CTD.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{AF7C0A6A-3D7C-46DC-AF54-BF1E1C2DDD50}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{C955DD8E-0167-440B-BE27-DAC0A2E03233}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{D07DC324-55D5-4DBE-8A41-1F2E13E8D933}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{D48915E5-268D-4C2A-9146-EE042C6A7CCE}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{D806C170-3B96-4A54-AD9F-B546E3C21408}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{DF525519-639E-47AF-9576-330DF39B29FE}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Tre\Application Data\Move Networks\ie_bin\qsp2ie07051001.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Tre\Application Data\Move Networks\ie_bin\qsp2ie07051001.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{FB07A580-07A7-46EE-82A1-EDE5C3AEEC68}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008_Classes\CLSID\{FF866659-937C-4EFF-9416-BD79B72C7BA1}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
 
==================== Restore Points  =========================
 
28-10-2014 13:39:27 System Checkpoint
02-11-2014 11:42:42 System Checkpoint
05-11-2014 02:42:31 Software Distribution Service 3.0
08-11-2014 11:42:17 System Checkpoint
14-11-2014 22:51:06 Software Distribution Service 3.0
19-11-2014 13:33:43 System Checkpoint
20-11-2014 14:32:41 Revo Uninstaller's restore point - Search Protect
20-11-2014 14:36:26 Revo Uninstaller's restore point - Search Protect
20-11-2014 14:36:43 Revo Uninstaller's restore point - “RocketTab”
20-11-2014 14:47:00 Revo Uninstaller's restore point - Pro PC Cleaner
20-11-2014 14:47:51 Removed Pro PC Cleaner
20-11-2014 14:56:40 Revo Uninstaller's restore point - Slick Savings
24-11-2014 20:23:12 System Checkpoint
29-11-2014 11:47:55 Restore Operation
29-11-2014 14:17:11 McAfee Vulnerability Scanner
29-11-2014 14:36:25 Software Distribution Service 3.0
01-12-2014 11:45:28 System Checkpoint
06-12-2014 15:31:16 McAfee Vulnerability Scanner
08-12-2014 10:50:34 System Checkpoint
11-12-2014 02:15:40 System Checkpoint
13-12-2014 12:49:59 System Checkpoint
13-12-2014 15:39:25 Software Distribution Service 3.0
15-12-2014 19:05:31 Software Distribution Service 3.0
17-12-2014 10:16:31 Software Distribution Service 3.0
20-12-2014 23:52:08 System Checkpoint
23-12-2014 01:36:57 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-02-01 01:13 - 2012-05-13 16:41 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ARO 2012.job => C:\Program Files\ARO 2012\ARO.exe
Task: C:\WINDOWS\Tasks\CandyUpdater.job => C:\Documents and Settings\Owner\Local Settings\Application Data\ArcadeCandy\candyUpdater.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cff0d77418983c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0002a55ff289a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core.job => C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core1cff0aea4259b5c.job => C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core1d000552cfff91c.job => C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008UA.job => C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ProPCCleaner_Popup.job => C:\Program Files\Pro PC Cleaner\Splash.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1013.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1013.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Tre.job => C:\Documents and Settings\Tre\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{074A025A-C5E4-4E06-BC59-FC3E671B395E}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2006-05-17 16:59 - 2005-07-12 08:33 - 00032768 _____ () C:\WINDOWS\system32\LXPRMON.DLL
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-01-10 17:15 - 2009-01-10 17:15 - 00159744 _____ () C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
2009-01-10 17:14 - 2009-01-10 17:14 - 00023552 _____ () C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
2010-11-29 02:23 - 2010-11-29 02:23 - 00074552 _____ () C:\Program Files\McAfee Online Backup\librs2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2006-05-17 16:58 - 2005-06-13 15:04 - 00192512 _____ () C:\Program Files\Lexmark 2300 Series\iptk.dll
2004-08-26 11:11 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-26 11:12 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-12-13 12:05 - 2014-12-05 20:50 - 09009480 _____ () C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 12:04 - 2014-12-05 20:50 - 01677128 _____ () C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3550008426-1246109893-1517987788-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3550008426-1246109893-1517987788-1006 - Limited - Enabled)
Guest (S-1-5-21-3550008426-1246109893-1517987788-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3550008426-1246109893-1517987788-1005 - Limited - Disabled)
Owner (S-1-5-21-3550008426-1246109893-1517987788-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-3550008426-1246109893-1517987788-1002 - Limited - Disabled)
Tre (S-1-5-21-3550008426-1246109893-1517987788-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Tre
 
==================== Faulty Device Manager Devices =============
 
Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/24/2014 10:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst (1).exe, version 24.12.2014.0, faulting module frst (1).exe, version 24.12.2014.0, fault address 0x0001f09e.
Processing media-specific event for [frst (1).exe!ws!]
 
Error: (12/24/2014 10:18:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 24.12.2014.0, faulting module frst.exe, version 24.12.2014.0, fault address 0x0001f3d9.
Processing media-specific event for [frst.exe!ws!]
 
Error: (12/24/2014 09:02:56 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.
 
Error: (12/24/2014 06:42:02 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d.
 
Error: (12/24/2014 06:40:27 AM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.
 
Error: (12/23/2014 04:34:57 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.
 
Error: (12/23/2014 11:20:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application lxcgmon.exe, version 2.6.62.20, faulting module lxcgmon.exe, version 2.6.62.20, fault address 0x0000a5c4.
Processing media-specific event for [lxcgmon.exe!ws!]
 
Error: (12/23/2014 11:11:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d.
 
Error: (12/23/2014 11:07:50 AM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.
 
Error: (12/23/2014 01:40:28 AM) (Source: MsiInstaller) (EventID: 11705) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional 2007 -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
 
System errors:
=============
Error: (12/24/2014 09:10:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Scanner service failed to start due to the following error: 
%%1053
 
Error: (12/24/2014 09:10:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the McAfee Scanner service to connect.
 
Error: (12/24/2014 09:10:27 PM) (Source: DCOM) (EventID: 10005) (User: TRENT)
Description: DCOM got error "%%1053" attempting to start the service MCODS with arguments ""
in order to run the server:
{C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
 
Error: (12/24/2014 09:08:52 PM) (Source: DCOM) (EventID: 10010) (User: TRENT)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
 
Error: (12/24/2014 09:06:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (12/24/2014 09:05:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Boot Delay Start Service service hung on starting.
 
Error: (12/24/2014 09:00:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVG WatchDog service terminated with service-specific error 3758198275 (0xE0018E03).
 
Error: (12/24/2014 09:00:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bonjour Service service failed to start due to the following error: 
%%1053
 
Error: (12/24/2014 09:00:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.
 
Error: (12/24/2014 06:57:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {C13F71BC-CC67-40A4-BEF2-1CBF44BD2A6D} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 56%
Total physical RAM: 1918.38 MB
Available physical RAM: 836.21 MB
Total Pagefile: 3810.21 MB
Available Pagefile: 2712.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.36 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:181.91 GB) (Free:47.36 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:4.39 GB) (Free:2.72 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 50535052)
Partition 1: (Active) - (Size=181.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.4 GB) - (Type=0B)
 
==================== End Of Log ============================
 

Edited by Geogbuff, 25 December 2014 - 06:20 PM.


#13 ken545

Malware Response Team

Posted 25 December 2014 - 09:32 PM

Look at the picture of FRST, just follow what is checked and what is not checkmarked, run a new scan with FRST and post both the new FRST log and the Additions log.

 

FRST_zps5d956a1a.jpg




#14 Geogbuff


Posted 26 December 2014 - 12:08 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-12-2014
Ran by Tre (administrator) on TRENT on 25-12-2014 23:17:44
Running from C:\Documents and Settings\Tre\My Documents\Downloads
Loaded Profile: Tre (Available profiles: Owner & Tre & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Fun4Trent\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Fun4Trent\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBK370backup.exe
(Malwarebytes Corporation) C:\Program Files\Fun4Trent\mbam.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 2300 Series\ezprint.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Google Inc.) C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
( ) C:\WINDOWS\system32\lxcgcoms.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Google Inc.) C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [lxcgmon.exe] => C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [200704 2005-07-21] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2300 Series\ezprint.exe [94208 2005-08-01] (Lexmark International Inc.)
HKLM\...\Run: [LXCGCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16                                                                                                                         (the data entry has 59 more characters).
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Reminder] => C:\WINDOWS\Creator\Remind_XP.exe [966656 2005-02-25] (SoftThinks)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-03-01] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [15797248 2005-12-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [DW7] => "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [Google Update] => C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [ProPCCleaner] => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Run: [ihecewib] => "C:\Documents and Settings\Tre\Local Settings\Application Data\bcfomhsk.exe"
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\RunOnce: [SWHelper] => C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe [53248 2010-08-25] ()
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Royal Sands Casino.lnk
ShortcutTarget: Royal Sands Casino.lnk -> C:\Program Files\Royal Sands Casino\casino.exe (No File)
ShellIconOverlayIdentifiers: [MOBK370] -> {bff4e73d-267c-bcf4-4da5-d1acf704e06f} => C:\Program Files\McAfee Online Backup\MOBK370shell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3702] -> {79f9dbf4-54df-187d-6044-a5a7749063fc} => C:\Program Files\McAfee Online Backup\MOBK370shell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3703] -> {967bbfb6-5c39-7f69-f270-ff9bb7956f30} => C:\Program Files\McAfee Online Backup\MOBK370shell.dll (McAfee, Inc.)
BootExecute: PDBoot.exeautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8074
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5062E
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {362269bd-c93c-460f-9255-3bd667eb7f0a} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = 
SearchScopes: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> {E06F1D74-4C02-41ED-9FFA-E2C9FAB54E54} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3550008426-1246109893-1517987788-1008 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} http://www.riverbelle.com/download_helper/Nyoko.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.com/play/classic/SimCityX.cab
DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} http://chat.yahoo.com/cab/yvwrctl.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Tre\Application Data\Mozilla\Firefox\Profiles\pg6c1h6a.default-1393101600734
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3550008426-1246109893-1517987788-1008: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3550008426-1246109893-1517987788-1008: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Shopop Widget - C:\Documents and Settings\Tre\Application Data\Mozilla\Firefox\Profiles\pg6c1h6a.default-1393101600734\Extensions\{0a1b923c-19f5-0e97-e99a-707f48578297} [2014-11-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG10\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox [2010-11-06]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-13]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-01]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-13]
FF Extension: No Name - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Tre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-02-13]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [3210176 2010-09-10] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6104656 2010-10-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [265400 2010-09-10] (AVG Technologies CZ, s.r.o.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon) [File not signed]
S2 iWonIEService; C:\Program Files\iWonIE\bar\1.bin\idbarsvc.exe [28766 2011-02-24] (iWon) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-26] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R3 lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [491520 2005-07-25] ( )
R2 MBAMScheduler; C:\Program Files\Fun4Trent\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Fun4Trent\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MOBK370backup; C:\Program Files\McAfee Online Backup\MOBK370backup.exe [216888 2010-11-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
S2 PDWebWmi; C:\Program Files\Raxco\PerfectDisk Live\PDWebWmi.exe [210448 2005-07-20] (Raxco Software, Inc.)
S3 PDWEngine; C:\Program Files\Raxco\PerfectDisk Live\PDWEngine.exe [591376 2005-07-20] (Raxco Software, Inc.)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2006-02-16] (New Boundary Technologies, Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30432 2010-07-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30432 2010-07-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [249424 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [9072 2012-07-11] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9200 2012-07-11] (Sonic Solutions)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R2 Defrag32; C:\WINDOWS\system32\Drivers\Defrag32.sys [61920 2005-06-28] (Raxco Software, Inc.)
R0 Defrag32b; C:\WINDOWS\system32\Drivers\Defrag32b.sys [61920 2005-06-28] (Raxco Software, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1033600 2005-03-17] (Conexant Systems, Inc.)
S3 JL2005C; C:\WINDOWS\System32\Drivers\jl2005c.sys [69098 2009-05-25] (Windows ® 2000 DDK provider) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-25] (Malwarebytes Corporation)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
R1 MOBK370Filter; C:\WINDOWS\System32\DRIVERS\MOBK370.sys [54776 2010-11-29] (Mozy, Inc.)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-13] (Realtek Semiconductor Corporation                           )
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 AVGIDSDriver; system32\DRIVERS\AVGIDSDriver.Sys [X]
S4 AVGIDSEH; system32\DRIVERS\AVGIDSEH.Sys [X]
S4 AVGIDSFilter; system32\DRIVERS\AVGIDSFilter.Sys [X]
S4 AVGIDSShim; system32\DRIVERS\AVGIDSShim.Sys [X]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
S4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 F-Secure Standalone Minifilter; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [X]
U0 mfewfpk; No ImagePath
S0 nkflkhfw; System32\drivers\njxq.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 12:32 - 2014-12-25 12:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-25 11:14 - 2014-12-25 11:34 - 00000000 ____D () C:\AdwCleaner
2014-12-24 22:07 - 2014-12-25 23:21 - 00000000 ____D () C:\FRST
2014-12-24 22:00 - 2014-12-24 22:00 - 00001313 _____ () C:\Documents and Settings\Tre\My Documents\aswMBR.txt
2014-12-24 22:00 - 2014-12-24 22:00 - 00000512 _____ () C:\Documents and Settings\Tre\My Documents\MBR.dat
2014-12-21 05:09 - 2014-12-21 05:10 - 00286378 _____ () C:\avenger.txt
2014-12-21 05:09 - 2014-12-21 05:09 - 00000000 ____D () C:\Avenger
2014-12-20 14:46 - 2014-12-20 14:46 - 00000000 __SHD () C:\found.003
2014-12-17 11:01 - 2014-12-17 11:01 - 00000000 __SHD () C:\found.002
2014-12-16 08:09 - 2014-12-16 08:09 - 00000664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.tmp
2014-12-09 02:01 - 2014-12-09 02:01 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-12-09 02:01 - 2014-12-09 02:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-12-09 02:00 - 2014-12-09 02:01 - 00000000 ____D () C:\Program Files\iTunes
2014-12-09 02:00 - 2014-12-09 02:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-09 02:00 - 2014-12-09 02:00 - 00000000 ____D () C:\Program Files\iPod
2014-11-29 14:35 - 2014-11-29 14:35 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-29 14:30 - 2014-11-29 14:30 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-11-29 14:30 - 2014-11-29 14:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-11-29 14:29 - 2014-11-29 14:30 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-29 14:22 - 2014-11-29 14:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-29 14:19 - 2014-11-29 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 23:37 - 2012-05-13 16:47 - 00000000 ____D () C:\Documents and Settings\Tre\Local Settings\temp
2014-12-25 23:35 - 2010-06-24 09:29 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{074A025A-C5E4-4E06-BC59-FC3E671B395E}.job
2014-12-25 23:29 - 2012-08-17 17:13 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-25 23:23 - 2014-11-20 15:36 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 23:21 - 2004-08-26 13:02 - 01574118 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-25 22:57 - 2010-04-04 14:00 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008UA.job
2014-12-25 22:55 - 2014-02-13 04:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-12-25 22:46 - 2010-04-30 09:30 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 22:43 - 2014-02-13 04:26 - 00000000 __RSD () C:\Documents and Settings\Tre\My Documents\McAfee Vaults
2014-12-25 22:41 - 2012-11-10 18:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-25 22:35 - 2012-02-13 00:04 - 00054655 _____ () C:\lxcg.log
2014-12-25 22:31 - 2004-08-26 05:58 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-25 22:30 - 2012-02-12 08:41 - 00324029 _____ () C:\lxcgscan.log
2014-12-25 22:30 - 2006-02-16 07:44 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-12-25 22:30 - 2004-08-26 05:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-25 22:28 - 2014-11-14 11:45 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0002a55ff289a.job
2014-12-25 22:28 - 2014-10-25 23:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cff0d77418983c.job
2014-12-25 22:28 - 2014-03-16 17:27 - 00000296 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-25 22:28 - 2014-03-16 17:23 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-12-25 22:28 - 2014-03-16 17:15 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-25 22:28 - 2014-03-02 14:04 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-12-25 22:28 - 2011-01-02 17:23 - 00000270 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1013.job
2014-12-25 22:28 - 2010-12-25 10:39 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-12-25 22:28 - 2010-12-24 04:25 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-25 22:28 - 2010-04-30 09:30 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 22:26 - 2004-08-26 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-25 18:21 - 2012-10-26 18:18 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-25 18:07 - 2006-09-29 22:34 - 00017354 _____ () C:\Documents and Settings\Tre\Application Data\wklnhst.dat
2014-12-25 16:56 - 2014-11-14 16:51 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core1d000552cfff91c.job
2014-12-25 16:56 - 2014-10-25 18:51 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core1cff0aea4259b5c.job
2014-12-25 16:00 - 2012-07-06 08:13 - 00000340 _____ () C:\WINDOWS\Tasks\CandyUpdater.job
2014-12-25 13:41 - 2004-08-26 13:08 - 00032594 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-25 13:27 - 2014-03-16 17:27 - 00000304 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-25 13:27 - 2014-03-16 17:15 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-25 11:40 - 2006-09-03 13:22 - 00000278 ___SH () C:\Documents and Settings\Tre\ntuser.ini
2014-12-25 09:56 - 2004-08-26 11:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-24 23:39 - 2010-11-11 23:09 - 00322865 _____ () C:\WINDOWS\wmsetup.log
2014-12-23 17:30 - 2012-05-13 16:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2014-12-23 16:45 - 2014-02-13 04:20 - 00000000 __RSD () C:\Documents and Settings\Owner\My Documents\McAfee Vaults
2014-12-23 01:50 - 2009-12-20 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-23 00:46 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\Help
2014-12-21 05:04 - 2009-09-30 01:46 - 00000000 __HDC () C:\WINDOWS\ie8
2014-12-17 22:30 - 2012-07-10 08:57 - 00000664 _____ () C:\Documents and Settings\Tre\Local Settings\Application Data\d3d9caps.dat
2014-12-17 11:10 - 2010-12-15 07:40 - 00000000 ____D () C:\Program Files\McAfee
2014-12-16 21:12 - 2004-08-26 13:09 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-16 19:56 - 2010-04-04 14:00 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3550008426-1246109893-1517987788-1008Core.job
2014-12-16 08:42 - 2014-03-05 08:07 - 00000664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.dat
2014-12-16 07:55 - 2006-05-17 16:53 - 00000000 ____D () C:\Program Files\Lx_cats
2014-12-15 02:18 - 2014-02-02 08:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-12-15 00:37 - 2014-11-20 15:34 - 00000665 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-15 00:37 - 2014-11-20 15:34 - 00000000 ____D () C:\Program Files\Fun4Trent
2014-12-15 00:37 - 2014-11-20 15:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Fun4Trent
2014-12-14 17:26 - 2011-01-02 17:23 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1013.job
2014-12-14 14:33 - 2010-11-11 19:29 - 00693591 _____ () C:\WINDOWS\setupapi.log
2014-12-13 15:56 - 2014-02-02 08:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 15:39 - 2006-05-19 09:40 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 12:08 - 2014-03-08 23:09 - 00002268 _____ () C:\Documents and Settings\Tre\Desktop\Google Chrome.lnk
2014-12-13 12:00 - 2010-02-14 04:17 - 00000000 ____D () C:\Documents and Settings\Tre\Application Data\Apple Computer
2014-12-09 16:24 - 2012-06-08 10:24 - 00014848 _____ () C:\Documents and Settings\Owner\My Documents\AsstManager.wps
2014-12-09 16:24 - 2006-08-22 10:32 - 00032990 _____ () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2014-12-09 02:00 - 2010-12-04 15:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-09 01:59 - 2014-03-08 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-09 01:53 - 2006-02-16 07:10 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-12-08 21:05 - 2010-12-24 04:25 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1008.job
2014-12-08 10:46 - 2010-12-25 10:39 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-12-06 15:49 - 2014-11-10 11:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-06 15:49 - 2014-01-26 21:09 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-06 15:49 - 2014-01-26 21:09 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-12-06 15:49 - 2014-01-26 21:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-06 15:46 - 2014-04-26 19:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-12-06 15:46 - 2007-04-20 11:34 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-12-06 13:04 - 2014-03-16 18:13 - 00001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2014-12-06 13:02 - 2014-03-25 21:23 - 00002199 _____ () C:\Documents and Settings\Tre\Desktop\QuickTime Player.lnk
2014-12-04 21:40 - 2014-03-02 14:04 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3550008426-1246109893-1517987788-1003.job
2014-11-29 14:38 - 2014-05-01 23:54 - 00012937 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-11-29 14:38 - 2014-04-19 19:32 - 00018479 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-11-29 14:34 - 2007-01-19 16:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-29 14:32 - 2012-05-07 07:13 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-29 14:32 - 2011-05-15 11:28 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-29 14:19 - 2006-02-16 07:17 - 00000000 ____D () C:\Program Files\Java
2014-11-29 11:49 - 2010-11-19 07:25 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-29 11:49 - 2006-09-03 13:22 - 00000000 ____D () C:\Documents and Settings\Tre
2014-11-29 11:49 - 2004-08-26 13:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-11-29 11:49 - 2004-08-26 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-29 11:49 - 2004-08-26 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-29 11:49 - 2004-08-26 13:01 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-29 11:39 - 2012-05-13 16:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
 
Files to move or delete:
====================
C:\Documents and Settings\Owner\GoToAssist_chat2way__317_en.exe
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite12396.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite14652.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite27111.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite28625.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite48809.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite53478.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite61369.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite62985.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite64975.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite82250.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite95361.dll
C:\Documents and Settings\Owner\Local Settings\temp\System.Data.SQLite99710.dll
C:\Documents and Settings\Tre\Local Settings\temp\APNSetup.exe
C:\Documents and Settings\Tre\Local Settings\temp\bcicabebjbjf.exe
C:\Documents and Settings\Tre\Local Settings\temp\GUR1.exe
C:\Documents and Settings\Tre\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Tre\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Tre\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\Tre\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite11995.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite18009.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite21040.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite31408.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite31887.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite33460.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite36516.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite40033.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite44225.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite46257.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite49148.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite50124.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite54354.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite56950.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite59670.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite76613.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite81683.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite83021.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite83584.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite96699.dll
C:\Documents and Settings\Tre\Local Settings\temp\System.Data.SQLite99123.dll
C:\Documents and Settings\Tre\Local Settings\temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#15 Geogbuff

  • Topic Starter

Posted 26 December 2014 - 12:37 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-12-2014
Ran by Tre at 2014-12-25 23:37:38
Running from C:\Documents and Settings\Tre\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1153 - AVG Technologies)
AVG 2011 (Version: 10.0.1153 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.424 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania 3 (Version: 3.6.1.4 - Sandlot) Hidden
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Coby Media Manager (HKLM\...\{6EC0BE33-4BDF-419B-AFC3-40E06BCEA536}) (Version: 1.0.2623 - Coby)
DVD Solution (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
Encyclopaedia Britannica CD Installer (HKLM\...\Encyclopaedia Britannica CD Installer) (Version: 2006.0.0.0 - Encyclopaedia Britannica, Inc.)
ESSBrwr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Google Chrome (HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Hoyle Casino 2006 (remove only) (HKLM\...\HCS10DL) (Version:  - )
Hoyle Friday Night Poker (HKLM\...\{A17FD8C6-1AC2-46E7-AD0A-70C602C3504D}) (Version: 2.0.0.0 - Encore, Inc.)
Hoyle Kids Games 2 (HKLM\...\{6E2061C5-D96D-4358-9657-CDC4A5C8F191}) (Version: 1.0.0.0 - Encore, Inc.)
IHA_MessageCenter (HKLM\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Lexmark 2300 Series (HKLM\...\Lexmark 2300 Series) (Version:  - )
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Online Backup (Version:  - McAfee, Inc.) Hidden
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
McAfee Total Protection (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 Trial (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MostFun.com Games - Cake Mania 3 (remove only) (HKLM\...\MostFun.com Games - Cake Mania 3) (Version: 3.6.1.4 - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-3550008426-1246109893-1517987788-1008\...\Move Networks Player - IE) (Version:  - )
Move Networks Player for Internet Explorer (HKLM\...\Move Networks Player_is1) (Version:  - Move Networks)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.0.3.7 - Napster)
Napster Burn Engine (Version: 2.5.0000 - Roxio) Hidden
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
PerfectDisk Live (HKLM\...\{318EA6FA-B534-4C9D-945D-DCE9C14AC947}) (Version: 7.00.047 - RAXCO)
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)




