
Trying to help elderly friend that clicks on EVERYTHING


5 replies to this topic

#1 Den.

Posted 12 May 2015 - 08:50 PM

XP machine, running IE. I am trying to talk my friend through the procedures to diagnose his computer problems by phone and I will be posting for him.

 

I have a non-computer-savvy friend that clicks on every pop-up that claims to be able to improve his computer, drivers, registry etc. And now his computer has slowed to a crawl. I had him run FRST and then prepare the FRST and ADDITION logs for posting and then had him download AdwCleaner. When I left the phone for a few minutes he decided to run AdwCleaner, saw some results then clicked on "cleaning". I will include that log also.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Owner (administrator) on S0027234486 on 10-05-2015 10:44:01
Running from C:\Documents and Settings\Owner\Desktop\PRINT SCREEN
Loaded Profiles: Owner (Available profiles: Owner & Admin & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(brother Industries Ltd) C:\WINNT\system32\brsvc01a.exe
(brother Industries Ltd) C:\WINNT\system32\brss01a.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\alg.exe
(Microsoft Corporation) C:\WINNT\system32\cisvc.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
(Microsoft Corporation) C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
(Microsoft Corporation) C:\WINNT\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\dllhost.exe
(Microsoft Corporation) C:\WINNT\system32\vssvc.exe
(Microsoft Corporation) C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\WINNT\system32\dllhost.exe
(Microsoft Corporation) C:\WINNT\system32\msdtc.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Realtek Semiconductor Corp.) C:\WINNT\SOUNDMAN.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
(Silitek Corporation) C:\WINNT\system32\SK9910DM.EXE
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINNT\system32\cidaemon.exe
 

==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HotKeysCmds] => C:\WINNT\System32\hkcmd.exe [114688 2003-07-10] (Intel Corporation)
HKLM\...\Run: [SoundMan] => C:\WINNT\SOUNDMAN.EXE [65024 2004-02-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-23] (Avast Software s.r.o.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2004-09-13] (Hewlett-Packard Company)
HKLM\...\Run: [Hot Key Kbd 9910 Daemon] => C:\WINNT\system32\SK9910DM.EXE [66048 2001-01-03] (Silitek Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINNT\System32\igfxtray.exe [155648 2003-07-10] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINNT\system32\igfxsrvc.dll [2003-07-10] (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-24] (Logitech, Inc.)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINNT\system32\WgaLogon.dll [2007-03-15] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1079118523-426764551-501881172-1003\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1079118523-426764551-501881172-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-07-17] (Google Inc.)
HKU\S-1-5-21-1079118523-426764551-501881172-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1079118523-426764551-501881172-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SWHelper] => C:\WINNT\system32\Macromed\Shockwave 8\PostUpdate.exe [53248 2010-06-22] ()
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINNT\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINNT\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk [2010-08-23]
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk [2010-08-23]
ShortcutTarget: Directrec Configuration Tool.lnk -> C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-04-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\default\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2013-05-06]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> c:\program files\settings manager\systemk\sysapcrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-23] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1079118523-426764551-501881172-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1079118523-426764551-501881172-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-1079118523-426764551-501881172-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-1079118523-426764551-501881172-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-1079118523-426764551-501881172-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://go.speedbit.com/tab/?s=ECTbDAPSO" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=ECTaCNET&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=ECTaCNET&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1079118523-426764551-501881172-1003 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1079118523-426764551-501881172-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12791&tm=360&src=ds&p={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-02-28] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-24] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKU\S-1-5-21-1079118523-426764551-501881172-1003 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1079118523-426764551-501881172-1003 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1079118523-426764551-501881172-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB
DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} http://digitalflip.net/fvlite/fvliteY.cab
DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINNT\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896 2004-08-04] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\rsvpsp.dll [92672 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\rsvpsp.dll [92672 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 22 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 23 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 24 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 25 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 26 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 27 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 28 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 29 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 30 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 31 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 32 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 33 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 34 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 35 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 36 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 37 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 38 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 39 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 40 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 41 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 42 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 43 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 44 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 45 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Winsock: Catalog9 46 C:\WINNT\system32\mswsock.dll [245248 2004-08-04] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gg1mfxqq.default
FF SelectedSearchEngine: default-search.net
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINNT\system32\npDeployJava1.dll [2013-08-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-08-24] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1079118523-426764551-501881172-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-02-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-1079118523-426764551-501881172-1003: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDA\npthinkorswim.dll [2013-09-08] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1079118523-426764551-501881172-1003: tdameritrade.com/tossc -> C:\Program Files\thinkTDA\nptossc.dll [2013-09-08] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Settings Manager - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gg1mfxqq.default\Extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E} [2014-05-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-15]
 
Chrome:
=======
CHR HomePage: Default -> hxxp://go.speedbit.com/?pid=s
CHR StartupUrls: Default -> "hxxp://go.speedbit.com/?pid=s"
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
CHR Extension: (No Name) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi [2014-06-27]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-14]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINNT\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R2 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-23] (Avast Software s.r.o.)
R3 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Brother XP spl Service; C:\WINNT\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
R2 Browser; C:\WINNT\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
R2 cisvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S2 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
R2 DM1Service; C:\Program Files\Olympus\DeviceDetector\DM1Service.exe [73728 2007-06-11] (OLYMPUS IMAGING CORP.) [File not signed]
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
S3 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R2 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 FontCache3.0.0.0; c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
R2 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
R2 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
S3 Iprip; C:\WINNT\System32\iprip.dll [35328 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-08-24] (Oracle Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S2 mfevtp; C:\WINNT\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
S3 mnmsrvc; C:\WINNT\System32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
R3 MSDTC; C:\WINNT\System32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINNT\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
S2 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S3 Netlogon; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S4 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
R2 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1755768 2014-04-15] (Speedbit Ltd.)
S4 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 SimpTcp; C:\WINNT\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
R2 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S2 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R2 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R2 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R2 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S2 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
R2 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R2 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
R3 COMSysApp; C:\WINNT\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R2 SwPrv; C:\WINNT\system32\dllhost.exe /Processid:{6D547C73-6C17-4D56-A2EA-A073AA56BA2A}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac97intc; C:\WINNT\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
S4 ACPIEC; C:\WINNT\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation)
R0 adpu160m; C:\WINNT\System32\DRIVERS\adpu160m.sys [101888 2004-08-04] (Microsoft Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R0 agp440; C:\WINNT\System32\DRIVERS\agp440.sys [42368 2008-04-14] (Microsoft Corporation)
R3 ALCXSENS; C:\WINNT\System32\drivers\ALCXSENS.SYS [391424 2003-12-11] (Sensaura Ltd) [File not signed]
R3 ALCXWDM; C:\WINNT\System32\drivers\ALCXWDM.SYS [611441 2004-02-23] (Realtek Semiconductor Corp.) [File not signed]
R2 aswHwid; C:\WINNT\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
R1 aswKbd; C:\WINNT\system32\drivers\aswKbd.sys [26096 2015-04-23] (Avast Software s.r.o.)
R2 aswMonFlt; C:\WINNT\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
R0 aswNdis; C:\WINNT\System32\DRIVERS\aswNdis.sys [12112 2015-04-23] (ALWIL Software)
R0 aswNdis2; C:\WINNT\system32\Drivers\aswNdis2.sys [253600 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [55200 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINNT\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
R1 aswSnx; C:\WINNT\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\WINNT\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
R1 aswTdi; C:\WINNT\system32\drivers\aswTdi.sys [57888 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\WINNT\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
S3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [701440 2004-08-04] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
S3 BCMModem; C:\WINNT\System32\DRIVERS\BCMDM.sys [871388 2001-08-17] (BCM)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation)
R1 BIOS; C:\WINNT\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
S3 BrScnUsb; C:\WINNT\System32\Drivers\BrScnUsb.sys [15263 2003-12-19] (Brother Industries Ltd.)
S3 BrSerIf; C:\WINNT\System32\Drivers\BrSerIf.sys [51712 2004-06-12] (Brother Industries Ltd.)
S3 BrUsbSer; C:\WINNT\System32\Drivers\BrUsbSer.sys [11648 2004-01-10] (Brother Industries Ltd.)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation)
S3 CCDECODE; C:\WINNT\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINNT\system32\Drivers\Cdr4_xp.sys [57136 2002-02-28] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINNT\system32\Drivers\Cdralw2k.sys [23721 2002-02-28] (Roxio) [File not signed]
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINNT\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINNT\system32\Drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINNT\system32\Drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation)
R2 DVDAccss; C:\WINNT\System32\drivers\DVDAccss.sys [29156 2003-11-21] (Apple Computer, Inc.) [File not signed]
S3 E100B; C:\WINNT\System32\DRIVERS\e100b325.sys [139776 2002-02-25] (Intel Corporation)
S3 EL90XBC; C:\WINNT\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 EPUSBSTOR; C:\WINNT\System32\DRIVERS\epusbsto.sys [17976 2001-09-09] (SEIKO EPSON CORPORATION)
R4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
R3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
R3 FET5X86V; C:\WINNT\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc.              )
S3 FETND5BV; C:\WINNT\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc.              )
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
R3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-14] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
S3 GTWModem; C:\WINNT\System32\DRIVERS\GWMDM.sys [1167936 2002-03-06] (GTW)
R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
S3 HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [49920 2005-10-22] (HP)
S3 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [16496 2005-10-22] (HP)
S3 HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
S3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [91419 2003-08-03] (Intel Corporation)
S3 ICDUSB2; C:\WINNT\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-14] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
R3 ip6fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R3 L8042Kbd; C:\WINNT\System32\DRIVERS\L8042Kbd.sys [19992 2014-03-18] (Logitech, Inc.)
R2 LBeepKE; C:\WINNT\System32\Drivers\LBeepKE.sys [10136 2014-03-18] (Logitech, Inc.)
R3 LHidFilt; C:\WINNT\System32\DRIVERS\LHidFilt.Sys [43800 2014-03-18] (Logitech, Inc.)
R3 Linksys_adapter_H; C:\WINNT\System32\DRIVERS\AE1200xp.sys [1034240 2011-03-28] (Broadcom Corporation)
S3 lkbdflt2; C:\WINNT\System32\DRIVERS\lkbdflt2.sys [5838 2001-08-07] (Logitech)
R3 LMouFilt; C:\WINNT\System32\DRIVERS\LMouFilt.Sys [37528 2014-03-18] (Logitech, Inc.)
R3 LUsbFilt; C:\WINNT\System32\Drivers\LUsbFilt.Sys [28312 2014-03-18] (Logitech, Inc.)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation)
S3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation)
S3 MODEMCSA; C:\WINNT\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation)
R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation)
S3 MSTEE; C:\WINNT\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
S3 NABTSFEC; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINNT\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation)
R3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R2 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\system32\Drivers\PCIIde.sys [3328 2004-08-04] (Microsoft Corporation)
S4 Pcmcia; C:\WINNT\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
R3 pfc; C:\WINNT\System32\drivers\pfc.sys [14572 2002-02-11] (Padus, Inc.) [File not signed]
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
S1 Processor; C:\WINNT\System32\DRIVERS\processr.sys [35840 2008-04-14] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-04-15] ()
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 Sentinel; C:\WINNT\System32\Drivers\SENTINEL.SYS [90688 2007-04-27] (SafeNet, Inc.)
R3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
R1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
S3 Sk99202k; C:\WINNT\System32\DRIVERS\Sk99202k.sys [7552 2000-09-11] (Silitek Corp.)
R1 Sk9920nt; C:\WINNT\System32\DRIVERS\Sk9920nt.sys [6208 2000-09-12] (Silitek Corp.)
S3 SLIP; C:\WINNT\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 smwdm; C:\WINNT\System32\drivers\smwdm.sys [459944 2002-04-04] (Analog Devices, Inc.)
S3 SNTNLUSB; C:\WINNT\System32\DRIVERS\SNTNLUSB.SYS [35328 2007-04-27] (SafeNet, Inc.)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
S3 StillCam; C:\WINNT\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation)
S3 streamip; C:\WINNT\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
R1 Tcpip6; C:\WINNT\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
R3 tunmp; C:\WINNT\System32\DRIVERS\tunmp.sys [12288 2008-04-14] (Microsoft Corporation)
R0 uagp35; C:\WINNT\System32\DRIVERS\uagp35.sys [44672 2008-04-14] (Microsoft Corporation)
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R0 ultra; C:\WINNT\System32\DRIVERS\ultra.sys [36736 2004-08-04] (Promise Technology, Inc.)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
S3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)
S3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)
S3 usbvideo; C:\WINNT\System32\Drivers\usbvideo.sys [123008 2013-07-16] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
R3 viagfx; C:\WINNT\System32\DRIVERS\vtmini.sys [237312 2005-08-24] (Copyright © VIA/S3 Graphics Co, Ltd.)
R0 ViaIde; C:\WINNT\system32\Drivers\ViaIde.sys [5376 2008-04-14] (Microsoft Corporation)
S3 VIAudio; C:\WINNT\System32\drivers\ac97via.sys [84480 2004-08-03] (VIA Technologies, Inc.)
R0 videX32; C:\WINNT\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
R3 Wdf01000; C:\WINNT\System32\Drivers\wdf01000.sys [444136 2009-07-14] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation)
S3 WSTCODEC; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
R0 xfilt; C:\WINNT\System32\DRIVERS\xfilt.sys [11264 2006-02-22] (VIA Technologies,Inc)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINNT\System32\drivers\ialmsbw.sys [120094 2003-08-03] (Intel Corporation)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}t; C:\WINNT\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys [55224 2014-07-07] (StdLib)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINNT\System32\drivers\ialmkchw.sys [96858 2003-08-03] (Intel Corporation)
S2 ASCTRM; No ImagePath
S3 FETNDIS; system32\DRIVERS\fetnd5.sys [X]
S4 hpt3xx; No ImagePath
S3 PcdrNt; \SystemRoot\System32\drivers\PcdrNt.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 

==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 10:40 - 2015-05-10 10:45 - 00000000 ____D () C:\FRST
2015-05-09 21:14 - 2015-05-09 21:14 - 00317152 _____ () C:\WINNT\system32\FNTCACHE.DAT
2015-05-09 21:08 - 2015-05-09 21:11 - 00000000 ____D () C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z..Z.ZZZZ....Z
2015-04-30 00:11 - 2015-04-30 00:11 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\CLINT ESTWOOD
2015-04-28 00:37 - 2015-04-28 00:37 - 00016543 _____ () C:\Documents and Settings\Owner\My Documents\MT. GOAT  # 2 4 27 15   #2 OF 2.txt
2015-04-27 01:23 - 2015-04-27 01:23 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\New Folder (2)
2015-04-27 01:20 - 2015-04-27 01:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\HOLISTIC MEDECINE
2015-04-27 01:16 - 2015-04-27 01:17 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\VIETNAM  WAR
2015-04-26 13:15 - 2015-04-26 13:15 - 00723651 _____ () C:\Documents and Settings\Owner\My Documents\Blog Page - Dinar Recaps.mht
2015-04-23 12:32 - 2015-04-23 12:31 - 00291312 _____ (Avast Software s.r.o.) C:\WINNT\system32\aswBoot.exe
2015-04-23 12:32 - 2015-04-23 12:31 - 00026096 _____ (Avast Software s.r.o.) C:\WINNT\system32\Drivers\aswKbd.sys
2015-04-23 12:32 - 2015-04-23 12:30 - 00253600 _____ (Avast Software s.r.o.) C:\WINNT\system32\Drivers\aswNdis2.sys
2015-04-23 12:31 - 2015-04-23 12:31 - 00043112 _____ (Avast Software s.r.o.) C:\WINNT\avastSS.scr
2015-04-23 12:30 - 2015-04-23 12:30 - 00012112 _____ (ALWIL Software) C:\WINNT\system32\Drivers\aswNdis.sys
2015-04-18 23:34 - 2015-04-18 23:34 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\RON PAUL
2015-04-15 09:34 - 2015-04-15 09:34 - 00094229 _____ () C:\Documents and Settings\Owner\My Documents\LIQUITY PART 1    4 14 15.eml
2015-04-15 09:28 - 2015-04-15 09:28 - 01660737 _____ () C:\Documents and Settings\Owner\Desktop\WAR & CHINA.mht
2015-04-14 23:45 - 2015-04-30 15:59 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-13 14:49 - 2015-04-13 14:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\SOVEREIGN NATION
2015-04-11 20:11 - 2015-05-10 10:12 - 00000950 _____ () C:\WINNT\Tasks\SBW_UpdateTask_Time_323235323335313632322d3437415a556c2a3223346c41.job
2015-04-11 11:46 - 2015-05-10 01:28 - 00174080 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-04-11 10:13 - 2015-04-11 10:14 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\NUTRIENT
2015-04-11 10:00 - 2015-04-11 10:01 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\PLANTS
2015-04-11 01:15 - 2015-04-11 01:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Copy of New Folder (13)
2015-04-10 01:48 - 2015-04-10 01:48 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\New Folder (13)
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 10:46 - 2011-08-14 12:03 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2015-05-10 10:46 - 2001-10-09 13:36 - 00000000 ____D () C:\WINNT\Temp
2015-05-10 10:35 - 2014-02-09 21:11 - 00000514 _____ () C:\WINNT\Tasks\G2MUpdateTask-S-1-5-21-1079118523-426764551-501881172-1003.job
2015-05-10 10:28 - 2013-02-18 18:54 - 00000826 ____C () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2015-05-10 10:18 - 2014-12-29 13:17 - 00000778 ____C () C:\WINNT\Tasks\SBWUpdateTask_Time_1c35aeb2-C8D71930DFC6.job
2015-05-10 10:14 - 2015-01-01 15:16 - 01429738 ____C () C:\WINNT\WindowsUpdate.log
2015-05-10 10:12 - 2014-04-06 12:36 - 00000364 ____H () C:\WINNT\Tasks\avast! Emergency Update.job
2015-05-10 10:12 - 2010-01-10 14:48 - 00000882 ____C () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 10:12 - 2007-05-10 09:29 - 00012598 ____C () C:\WINNT\system32\wpa.dbl
2015-05-10 10:11 - 2014-12-29 13:17 - 00000778 ____C () C:\WINNT\Tasks\SBWUpdateTask_Logon_1c35aeb2-C8D71930DFC6.job
2015-05-10 10:11 - 2014-03-22 14:42 - 00000218 ____C () C:\WINNT\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-10 10:08 - 2014-07-18 04:02 - 00000330 ____H () C:\WINNT\Tasks\MP Scheduled Scan.job
2015-05-10 10:06 - 2001-10-09 13:47 - 00000000 ____D () C:\WINNT\Registration
2015-05-10 10:06 - 2001-10-09 13:36 - 00000000 ____D () C:\WINNT\system32\ias
2015-05-10 10:05 - 2015-01-01 15:16 - 00000159 ____C () C:\WINNT\wiadebug.log
2015-05-10 10:05 - 2015-01-01 15:16 - 00000049 ____C () C:\WINNT\wiaservc.log
2015-05-10 10:05 - 2001-10-09 13:50 - 00000006 ___HC () C:\WINNT\Tasks\SA.DAT
2015-05-10 01:28 - 2014-05-28 14:34 - 00354030 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-05-10 01:28 - 2001-10-09 13:57 - 00000178 __SHC () C:\Documents and Settings\Owner\ntuser.ini
2015-05-10 01:28 - 2001-10-09 13:55 - 00032458 _____ () C:\WINNT\SchedLgU.Txt
2015-05-10 01:05 - 2014-12-29 13:18 - 00000948 ____C () C:\WINNT\Tasks\SBW_UpdateTask_Time_323235323335313632322d5a4a6c414a34572a506c415a.job
2015-05-10 00:56 - 2010-01-10 14:48 - 00000886 ____C () C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 00:30 - 2014-05-31 16:30 - 00000510 ____C () C:\WINNT\Tasks\SUPERAntiSpyware Scheduled Task e238bf15-a2ce-4c8e-97ba-732411878cc4.job
2015-05-10 00:29 - 2013-11-29 17:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Bob Mac
2015-05-10 00:23 - 2014-03-05 02:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\BANKS
2015-05-09 21:16 - 2001-10-09 13:36 - 00000000 ____D () C:\WINNT
2015-05-09 21:13 - 2007-05-10 12:36 - 00000178 __SHC () C:\Documents and Settings\default\ntuser.ini
2015-05-09 21:06 - 2001-10-09 13:57 - 00000000 ____D () C:\Documents and Settings\Owner
2015-05-09 15:49 - 2007-05-10 12:36 - 00000000 ____D () C:\Documents and Settings\default\Local Settings\Temp
2015-05-08 11:41 - 2014-11-30 16:26 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\MTN, GOAT
2015-05-08 10:58 - 2015-02-01 15:32 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\DOLLAR --- THE FALL OF_files
2015-05-08 10:57 - 2014-03-03 15:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\MONEY-- WHAT TO DO WITH IT
2015-05-08 10:17 - 2013-12-27 19:29 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\MEDICAL
2015-05-08 09:57 - 2014-08-19 10:07 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\DSS_FLDA
2015-05-07 18:48 - 2011-08-14 12:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-05-07 14:00 - 2014-12-28 15:22 - 00000378 ____C () C:\WINNT\Tasks\Wise Turbo Checker.job
2015-05-06 02:00 - 2014-05-31 16:30 - 00000510 ____C () C:\WINNT\Tasks\SUPERAntiSpyware Scheduled Task 84952383-aa6a-4359-9940-d6c4ec6c137f.job
2015-05-05 19:14 - 2013-04-06 13:48 - 00002485 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-05-04 11:44 - 2009-10-07 01:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\PEACE OF MIND
2015-05-04 11:42 - 2011-07-25 16:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\ATTITUDE
2015-05-04 11:42 - 2008-09-11 01:16 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\INTERESTING  THINGS
2015-05-04 05:47 - 2010-02-27 03:31 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\MR PRESIDENT
2015-05-04 05:45 - 2013-12-31 02:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\GOVERTMENT
2015-05-03 14:38 - 2002-06-16 11:35 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RACING NEWS
2015-05-01 00:32 - 2008-11-12 13:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\THE FED
2015-04-27 01:19 - 2007-06-02 15:29 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\WATER
2015-04-27 00:52 - 2007-05-27 23:30 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\EYESIGHT
2015-04-27 00:45 - 2008-06-11 00:16 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\GOLD
2015-04-25 13:43 - 2007-05-10 12:36 - 00000000 ____D () C:\Documents and Settings\default
2015-04-23 15:30 - 2013-12-30 16:33 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\NESARA
2015-04-23 12:31 - 2014-06-15 12:59 - 00024144 _____ () C:\WINNT\system32\Drivers\aswHwid.sys
2015-04-23 12:31 - 2014-04-06 12:36 - 00787760 _____ (Avast Software s.r.o.) C:\WINNT\system32\Drivers\aswSnx.sys
2015-04-23 12:31 - 2014-04-06 12:36 - 00427992 _____ (Avast Software s.r.o.) C:\WINNT\system32\Drivers\aswSP.sys
2015-04-23 12:31 - 2014-04-06 12:36 - 00209048 _____ () C:\WINNT\system32\Drivers\aswVmm.sys
2015-04-23 12:31 - 2014-04-06 12:36 - 00074976 _____ (Avast Software s.r.o.) C:\WINNT\system32\Drivers\aswMonFlt.sys
2015-04-23 12:31 - 2014-04-06 12:36 - 00057888 _____ (Avast Software s.r.o.) C:\WINNT\system32\Drivers\aswTdi.sys
2015-04-23 12:31 - 2014-04-06 12:36 - 00055200 _____ (Avast Software s.r.o.) C:\WINNT\system32\Drivers\aswRdr.sys
2015-04-23 12:31 - 2014-04-06 12:36 - 00049904 _____ () C:\WINNT\system32\Drivers\aswRvrt.sys
2015-04-22 02:09 - 2007-08-07 15:39 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\SECURTY
2015-04-21 00:54 - 2001-10-09 13:55 - 00000178 __SHC () C:\Documents and Settings\LocalService\ntuser.ini
2015-04-15 11:38 - 2014-10-21 17:25 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\FINICAL ADVISOR
2015-04-15 10:07 - 2007-11-17 10:33 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\CANCER
2015-04-14 20:27 - 2011-09-27 18:41 - 00000803 ____C () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2015-04-14 19:05 - 2013-08-15 03:21 - 00000000 ____D () C:\WINNT\system32\MRT
2015-04-14 18:49 - 2005-05-11 00:26 - 125832184 ____C (Microsoft Corporation) C:\WINNT\system32\MRT.exe
2015-04-10 11:22 - 2015-02-19 00:28 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\MONEY
2015-04-10 01:52 - 2010-12-08 01:26 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\asparagus
2015-04-10 01:46 - 2007-04-16 03:18 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\HEALTH FACTS
2015-04-10 01:40 - 2009-09-30 01:31 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FOOD
 
==================== Files in the root of some directories =======
 
2005-08-28 11:31 - 2005-08-28 11:32 - 2855080 ____C () C:\Program Files\aawsepersonal.exe
2002-09-12 13:14 - 2003-01-14 03:37 - 0000075 ____C () C:\Program Files\Common Files\PATCH.ERR
2014-07-18 22:20 - 2014-07-18 22:21 - 0002756 ____C () C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2014-07-18 22:19 - 2014-07-18 22:19 - 0001105 ____C () C:\Documents and Settings\Owner\Application Data\HPCOM_48BitScanUpdate.log
2004-04-11 11:55 - 2014-01-10 13:09 - 0041984 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-28 16:32 - 2014-05-28 16:32 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
2002-09-18 12:32 - 2002-06-25 19:16 - 0001571 ____C () C:\Documents and Settings\All Users\Date Manager.lnk
 
Files to move or delete:
====================
C:\Documents and Settings\Owner\atwbxdet.dll
 

==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

 

 

# AdwCleaner v4.203 - Logfile created 10/05/2015 at 11:19:56
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - S0027234486
# Running from : C:\Documents and Settings\Owner\Desktop\PRINT SCREEN\adwcleaner_4.203.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : {6fcd6092-9615-4f7f-8898-8df53980e5d2}t
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\byy47ooe.default\user.js
File Found : C:\Documents and Settings\default\Application Data\LiveSupport.exe_log.txt
File Found : C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\pdf6nc5i.default\searchplugins\speedbit.xml
File Found : C:\Documents and Settings\default\Application Data\regsvr32.exe_log.txt
File Found : C:\Documents and Settings\default\daemonprocess.txt
File Found : C:\Documents and Settings\default\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage
File Found : C:\Documents and Settings\default\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_cdihkdldaicijakhchgojcokhpamkibi_0
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\cdihkdldaicijakhchgojcokhpamkibi
File Found : C:\END
File Found : C:\WINNT\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys
File Found : C:\WINNT\system32\roboot.exe
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\byy47ooe.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\byy47ooe.default\Extensions\ffxtlbr@mysearchdial.com
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Folder Found : C:\Documents and Settings\All Users\Application Data\myturbopc.com
Folder Found : C:\Documents and Settings\default\Application Data\DigitalSites
Folder Found : C:\Documents and Settings\default\Application Data\DriverCure
Folder Found : C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\pdf6nc5i.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Documents and Settings\default\Application Data\myturbopc.com
Folder Found : C:\Documents and Settings\default\Application Data\Settings Manager
Folder Found : C:\Documents and Settings\default\Application Data\Systweak
Folder Found : C:\Documents and Settings\default\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\default\Local Settings\Application Data\genienext
Folder Found : C:\Documents and Settings\default\Local Settings\Application Data\globalUpdate
Folder Found : C:\Documents and Settings\default\Local Settings\Application Data\Mobogenie
Folder Found : C:\Documents and Settings\default\Local Settings\Application Data\SearchProtect
Folder Found : C:\Documents and Settings\default\My Documents\Mobogenie
Folder Found : C:\Documents and Settings\Owner\Application Data\ShopAtHome
Folder Found : C:\Documents and Settings\Owner\Application Data\Systweak
Folder Found : C:\Documents and Settings\Owner\Application Data\Uniblue
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\SearchProtect
Folder Found : C:\Documents and Settings\Owner\My Documents\Save
Folder Found : C:\Program Files\FLVM Player
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\Linkey
Folder Found : C:\Program Files\Settings Manager
Folder Found : C:\Program Files\suprasavings
Folder Found : C:\Program Files\SupraSavings
Folder Found : C:\Program Files\Uniblue
Folder Found : C:\Program Files\webget
 
***** [ Scheduled tasks ] *****
 
Task Found : MyTurboPC.com Update3_triggeronce
 
***** [ Shortcuts ] *****
 

***** [ Registry ] *****
 
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:13081;
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D6F486-7230-3139-1997-CB2FBCF4E080}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D6F486-7230-3139-1997-CB2FBCF4E080}
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\48A0C3FC-2898-45E4-B2B9-147D27D29D45
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLVM Player
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NetCrawl
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean-Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\suprasavings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\suprasavings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\MyTurboPC.com
Key Found : HKLM\SOFTWARE\SpeedBit
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://go.speedbit.com/tab/?s=ECTbDAPSO
 
-\\ Mozilla Firefox v
 
[byy47ooe.default] - Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
[byy47ooe.default] - Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
[pdf6nc5i.default] - Line Found : user_pref("browser.search.defaultenginename", "Speedbit Search");
[pdf6nc5i.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://go.speedbit.com/search.aspx?s=ECTaCNET&q=");
[pdf6nc5i.default] - Line Found : user_pref("browser.search.order.1", "Speedbit Search");
[pdf6nc5i.default] - Line Found : user_pref("browser.search.selectedEngine", "Speedbit Search");
[pdf6nc5i.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://go.speedbit.com/?s=ECTbDAPSO");
[pdf6nc5i.default] - Line Found : user_pref("browser.startup.homepage_override_url", "hxxp://go.speedbit.com/?s=ECTbDAPSO");
[pdf6nc5i.default] - Line Found : user_pref("keyword.URL", "hxxp://go.speedbit.com/search.aspx?s=ECTaCNET&q=");
[gg1mfxqq.default] - Line Found : user_pref("browser.search.selectedEngine", "default-search.net");
[gg1mfxqq.default] - Line Found : user_pref("browser.search.defaultenginename", "default-search.net");
[gg1mfxqq.default] - Line Found : user_pref("browser.search.order.1", "default-search.net");
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : pflphaooapbgpeakohlggbpidpppgdff
[C:\Documents and Settings\default\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\default\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\default\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12791&tm=360&src=ds&p={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : cdihkdldaicijakhchgojcokhpamkibi
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://go.speedbit.com/?pid=s
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://go.speedbit.com/?pid=s
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}",
 
*************************
 
AdwCleaner[R0].txt - [28759 bytes] - [10/05/2015 11:19:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [28819 bytes] ##########

 

 


 


#2 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Location:Montreal, QC. Canada

Posted 17 May 2015 - 09:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Have him run the AdwCleaner tool selecting the Cleaning button.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> c:\program files\settings manager\systemk\sysapcrt.dll
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1079118523-426764551-501881172-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081;
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://go.speedbit.com/tab/?s=ECTbDAPSO" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=ECTaCNET&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=ECTaCNET&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1079118523-426764551-501881172-1003 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1079118523-426764551-501881172-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12791&tm=360&src=ds&p={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKU\S-1-5-21-1079118523-426764551-501881172-1003 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF SelectedSearchEngine: default-search.net
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
FF Extension: Settings Manager - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gg1mfxqq.default\Extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E} [2014-05-26]
CHR HomePage: Default -> hxxp://go.speedbit.com/?pid=s
CHR StartupUrls: Default -> "hxxp://go.speedbit.com/?pid=s"
CHR Extension: (No Name) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi [2014-06-27]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-15]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1755768 2014-04-15] (Speedbit Ltd.)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-04-15] ()
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}t; C:\WINNT\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys [55224 2014-07-07] (StdLib)
S2 ASCTRM; No ImagePath
S3 FETNDIS; system32\DRIVERS\fetnd5.sys [X]
S4 hpt3xx; No ImagePath
S3 PcdrNt; \SystemRoot\System32\drivers\PcdrNt.sys [X]
U3 TlntSvr; No ImagePath
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; No ImagePath
C:\WINNT\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys
C:\Program Files\Common Files\SpeedBit
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
Task: C:\WINNT\Tasks\SBWUpdateTask_Logon_1c35aeb2-C8D71930DFC6.job => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
Task: C:\WINNT\Tasks\SBWUpdateTask_Time_1c35aeb2-C8D71930DFC6.job => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
c:\program files\settings manager\systemk

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#3 Den.

  • Topic Starter

Posted 19 May 2015 - 06:07 PM

My friend is having trouble following my instructions over the phone so I am going to have to pay him a visit to his home the next town over. This won't be until this coming Sunday. I will post again Sunday evening. Thanks.



#4 nasdaq


Posted 25 May 2015 - 08:17 AM

Are you still with me?

#5 Den.

  • Topic Starter

Posted 25 May 2015 - 01:11 PM

Sorry, I meant to send this post yesterday. During my visit to my elderly friend the next town over, he told me that "a computer expert" a relative of his knows came to his house to work on his computer and that he "changed his settings" to fix his problems. And he told my friend not to let anybody do anything else to his computer. So my friend of forty years has decided to listen to a stranger instead of you and me. I suspect that the next news I hear from my friend is that he has been told that his computer is unfixable and that he is going to have to buy a new one.


Edited by Den., 25 May 2015 - 01:16 PM.


#6 nasdaq


Posted 25 May 2015 - 01:38 PM

Wait and see.



