Remove what I think is the restore virus


This topic is locked
9 replies to this topic

#1 sbwertz


  • Members
  • 10 posts

Posted 19 July 2015 - 11:26 AM

This is an XP system, and the notifications page is not the same as in the instructions. I hope I got all the correct items checked.

This is a friend's machine, so I don't know all the immediate history of the infection. It apparently came in on an email.

All programs were deleted from the Start menu. I booted into safe mode and downloaded and ran unhide, then ran AVG from safe mode. Downloaded rkill. Rebooted and ran rkill. After running rkill I ran Malwarebytes and the antivirus that was loaded on the machine... 360 plus, I think. I tried to load AVG 2015 but it wouldn't load. I deleted the other antivirus, but AVG still wouldn't load.

Here is the FRST log:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2015 01
Ran by Home (administrator) on RIVERS-LAPTOP on 19-07-2015 08:51:25
Running from C:\Documents and Settings\Home\My Documents\Downloads
Loaded Profiles: Home (Available Profiles: Home & Rivers)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
(AVG Secure Search) C:\Program Files\AVG Web TuneUp\avgcefrend.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [98394 2004-11-05] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [688218 2004-11-05] (Synaptics, Inc.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-02-13] (SigmaTel, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-11-28] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2005-11-28] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3033112 2015-05-13] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1863664188-4259440161-1125831159-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-05-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M465-E
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M465-E
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1863664188-4259440161-1125831159-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M465-E
HKU\S-1-5-21-1863664188-4259440161-1125831159-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={CD28F996-F21B-4875-82CF-D55D1E0B1086}&mid=6d46e24c4dc847d2a43fd15231b1c84e-b5141d3f687eb34d641acf53c2f7620ebf6af39f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-13%2012:39:35&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1863664188-4259440161-1125831159-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1863664188-4259440161-1125831159-1006 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={CD28F996-F21B-4875-82CF-D55D1E0B1086}&mid=6d46e24c4dc847d2a43fd15231b1c84e-b5141d3f687eb34d641acf53c2f7620ebf6af39f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-13 12:39:35&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1863664188-4259440161-1125831159-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={CD28F996-F21B-4875-82CF-D55D1E0B1086}&mid=6d46e24c4dc847d2a43fd15231b1c84e-b5141d3f687eb34d641acf53c2f7620ebf6af39f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-13 12:39:35&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-05-13] (AVG)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll [2006-02-01] (Gateway Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1320975410443
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{3653294C-0B4B-43BF-8440-3E2A947E754D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\8m6vqx7a.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: https://mysearch.avg.com/?cid={CD28F996-F21B-4875-82CF-D55D1E0B1086}&mid=6d46e24c4dc847d2a43fd15231b1c84e-b5141d3f687eb34d641acf53c2f7620ebf6af39f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-13 12:39:35&v=4.1.0.411&pid=wtu&sg=&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-26] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\8m6vqx7a.default\searchplugins\avg-secure-search.xml [2015-05-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-13]
FF Extension: AVG Web TuneUp - C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\8m6vqx7a.default\Extensions\avg@toolbar [2015-05-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Google Docs) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-09]
CHR Extension: (YouTube) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Google Search) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-09]
CHR Extension: (360 Internet Protection) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-03-09]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-03-14] (Broadcom Corporation.) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-11-01] (Intel Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S3 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [196608 2011-11-10] (New Boundary Technologies, Inc.) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-11-01] (Intel Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Rpcnet; C:\WINDOWS\system32\rpcnet.exe [78032 2015-04-20] (Absolute Software Corp.)
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-11-01] (Intel Corporation ) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
S3 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-05-13] (AVG Secure Search)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-05-13] ()
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
R0 adpu160m; C:\WINDOWS\System32\DRIVERS\adpu160m.sys [101888 2001-08-17] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-11-10] (Cisco Systems, Inc.) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R0 agp440; C:\WINDOWS\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 agpCPQ; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [44928 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Aha154x; C:\WINDOWS\System32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed]
R0 aic78u2; C:\WINDOWS\System32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed]
R0 aic78xx; C:\WINDOWS\System32\DRIVERS\aic78xx.sys [56960 2001-08-17] (Microsoft Corporation) [File not signed]
R0 AliIde; C:\WINDOWS\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.) [File not signed]
R0 alim1541; C:\WINDOWS\System32\DRIVERS\alim1541.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed]
R0 amdagp; C:\WINDOWS\System32\DRIVERS\amdagp.sys [43008 2008-04-13] (Advanced Micro Devices, Inc.) [File not signed]
R0 amsint; C:\WINDOWS\System32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed]
R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R0 asc; C:\WINDOWS\System32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R0 asc3350p; C:\WINDOWS\System32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed]
R0 asc3550; C:\WINDOWS\System32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [328237 2006-03-14] (Broadcom Corporation.) [File not signed]
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30427 2006-03-14] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [851402 2006-03-14] (Broadcom Corporation.) [File not signed]
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-03-14] (Broadcom Corporation.) [File not signed]
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [148900 2006-03-14] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [45683 2006-03-14] (Broadcom Corporation.) [File not signed]
R0 cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
R0 cd20xrnt; C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation) [File not signed]
R0 CmdIde; C:\WINDOWS\System32\DRIVERS\cmdide.sys [6656 2001-08-17] (CMD Technology, Inc.) [File not signed]
R0 Compbatt; C:\WINDOWS\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Cpqarray; C:\WINDOWS\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed]
R0 dac2w2k; C:\WINDOWS\System32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed]
R0 dac960nt; C:\WINDOWS\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
R0 dpti2o; C:\WINDOWS\System32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R3 e1express; C:\WINDOWS\System32\DRIVERS\e1e5132.sys [179200 2005-09-14] (Intel Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Fdc; C:\WINDOWS\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-17] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) [File not signed]
S3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 hpn; C:\WINDOWS\System32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-10-27] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-27] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-27] (HP)
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i2omgmt; C:\WINDOWS\system32\Drivers\i2omgmt.sys [8576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 i2omp; C:\WINDOWS\System32\DRIVERS\i2omp.sys [18560 2008-04-13] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1353820 2005-11-28] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINDOWS\System32\DRIVERS\IASTOR.SYS [874240 2005-10-11] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ini910u; C:\WINDOWS\System32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
S1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 mraid35x; C:\WINDOWS\System32\DRIVERS\mraid35x.sys [17280 2001-08-17] (American Megatrends Inc.) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation) [File not signed]
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Pcmcia; C:\WINDOWS\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R0 perc2; C:\WINDOWS\System32\DRIVERS\perc2.sys [27296 2001-08-17] (Microsoft Corporation) [File not signed]
R0 perc2hib; C:\WINDOWS\System32\DRIVERS\perc2hib.sys [5504 2001-08-17] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R0 ql1080; C:\WINDOWS\System32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed]
R0 Ql10wnt; C:\WINDOWS\System32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ql12160; C:\WINDOWS\System32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed]
R0 ql1240; C:\WINDOWS\System32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ql1280; C:\WINDOWS\System32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation) [File not signed]
S3 sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S2 Serial; C:\WINDOWS\system32\Drivers\Serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sisagp; C:\WINDOWS\System32\DRIVERS\sisagp.sys [40960 2008-04-13] (Silicon Integrated Systems Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
R3 smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [980736 2006-09-14] (Motorola Inc.) [File not signed]
R0 Sparrow; C:\WINDOWS\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1106888 2006-02-13] (SigmaTel, Inc.) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 symc810; C:\WINDOWS\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed]
R0 symc8xx; C:\WINDOWS\System32\DRIVERS\symc8xx.sys [32640 2001-08-17] (LSI Logic) [File not signed]
R0 sym_hi; C:\WINDOWS\System32\DRIVERS\sym_hi.sys [28384 2001-08-17] (LSI Logic) [File not signed]
R0 sym_u3; C:\WINDOWS\System32\DRIVERS\sym_u3.sys [30688 2001-08-17] (LSI Logic) [File not signed]
R3 SynTP; C:\WINDOWS\System32\DRIVERS\SynTP.sys [185824 2004-11-05] (Synaptics, Inc.) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
R3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed]
R0 TosIde; C:\WINDOWS\System32\DRIVERS\toside.sys [4992 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ultra; C:\WINDOWS\System32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation) [File not signed]
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
S3 usbstor; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [123008 2013-07-16] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 viaagp; C:\WINDOWS\System32\DRIVERS\viaagp.sys [42240 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [14208 2008-04-13] (Microsoft Corporation) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 08:51 - 2015-07-19 08:51 - 00000000 ____D C:\FRST
2015-07-17 06:19 - 2015-07-17 06:19 - 00072352 _____ C:\Documents and Settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-07-16 22:04 - 2015-07-16 22:04 - 00000000 ____D C:\Documents and Settings\Home\Local Settings\Application Data\Avg2015
2015-07-16 21:38 - 2015-07-16 21:38 - 00281336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-16 21:24 - 2015-07-16 21:24 - 00000000 ____D C:\Intel
2015-07-16 20:44 - 2015-07-16 20:49 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 11:11 - 2015-07-17 06:58 - 00305990 _____ C:\Documents and Settings\Home\Desktop\Rkill.txt
2015-07-16 11:03 - 2015-07-16 11:03 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-07-16 10:38 - 2015-07-16 10:42 - 00002486 _____ C:\Documents and Settings\Home\Desktop\unhide.txt
2015-07-16 10:25 - 2015-07-16 10:58 - 00003290 _____ C:\Documents and Settings\All Users\Desktop\avgrep.txt
2015-07-16 10:16 - 2015-07-16 10:16 - 00000000 __SHD C:\WINDOWS\CSC
2015-06-25 14:10 - 2015-06-25 14:10 - 00000000 ____D C:\Documents and Settings\Home\Local Settings\Application Data\Avg
2015-06-24 15:38 - 2015-06-24 16:20 - 00001913 _____ C:\WINDOWS\wmsetup.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 08:52 - 2014-10-24 10:27 - 00000000 ____D C:\Documents and Settings\Home\Local Settings\Temp
2015-07-19 08:52 - 2006-05-31 20:30 - 01886674 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-19 08:51 - 2015-05-14 14:45 - 00168566 _____ C:\Documents and Settings\Home\debug.log
2015-07-19 08:51 - 2015-03-11 18:04 - 00000000 ____D C:\Documents and Settings\Home\Application Data\Skype
2015-07-19 08:50 - 2015-03-09 11:16 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-19 08:50 - 2015-03-09 11:16 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-19 08:50 - 2015-03-09 10:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-19 08:50 - 2011-11-10 18:06 - 00078032 _____ (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2015-07-19 08:50 - 2011-11-10 17:54 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2015-07-19 08:50 - 2006-05-31 20:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-19 08:50 - 2006-05-31 20:17 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-19 08:48 - 2014-10-24 10:27 - 00000178 ___SH C:\Documents and Settings\Home\ntuser.ini
2015-07-19 08:35 - 2006-05-31 20:36 - 00032456 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-17 11:39 - 2013-02-09 09:59 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml
2015-07-16 22:10 - 2015-03-09 10:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 22:04 - 2014-10-24 13:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-07-16 22:00 - 2012-07-11 16:02 - 00610786 _____ C:\WINDOWS\setupapi.log
2015-07-16 21:48 - 2015-03-09 11:02 - 00000000 ____D C:\Program Files\360
2015-07-16 21:20 - 2015-03-09 11:29 - 00000000 ____D C:\Documents and Settings\Home\Local Settings\Application Data\Adobe
2015-07-16 21:20 - 2015-03-09 10:15 - 00000000 ____D C:\Documents and Settings\Home\Application Data\Adobe
2015-07-16 21:15 - 2015-03-09 11:13 - 00000000 __SHD C:\$360Section
2015-07-16 21:15 - 2015-03-09 11:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\360Quarant
2015-07-16 20:47 - 2014-10-24 13:12 - 00000782 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 20:47 - 2014-10-24 13:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-16 20:47 - 2014-10-24 13:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 20:12 - 2015-03-09 10:19 - 00001818 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-07-15 17:59 - 2014-10-24 10:27 - 00000000 ____D C:\Documents and Settings\Home\WINDOWS
2015-07-15 05:07 - 2015-05-08 20:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2015-07-13 14:30 - 2015-03-11 18:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-07-13 14:29 - 2015-03-11 18:03 - 00000000 ___RD C:\Program Files\Skype
2015-07-10 01:04 - 2015-05-08 18:46 - 00000484 _____ C:\WINDOWS\Tasks\Driver Support-RTMScan.job
2015-07-09 11:43 - 2013-11-07 17:27 - 00048496 _____ (Absolute Software Corporation) C:\WINDOWS\system32\identprv.dll
2015-07-08 16:29 - 2015-05-13 12:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2015-07-07 22:17 - 2014-10-24 10:27 - 00000000 ____D C:\Documents and Settings\Home
2015-07-07 15:03 - 2015-05-08 18:46 - 00000446 _____ C:\WINDOWS\Tasks\Driver Support-RTMUpdater.job
2015-07-06 10:53 - 2015-03-11 18:03 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-07-05 15:52 - 2015-06-06 18:35 - 00000000 ____D C:\Documents and Settings\Home\Application Data\MPC-HC
2015-07-03 08:49 - 2011-11-10 18:50 - 127070192 _____ C:\WINDOWS\system32\MRT.exe
2015-06-26 21:09 - 2015-03-09 11:10 - 00000000 ____D C:\WINDOWS\Tasks\360Disabled
2015-06-26 17:04 - 2013-02-09 10:38 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-26 17:04 - 2011-11-11 16:28 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-24 16:21 - 2014-10-24 13:12 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2006-05-31 20:16] - [2008-04-13 17:12] - 1033728 ____A (Microsoft Corporation) 0x31323839363832336662393562666233646339623436626361656463393932332000200000

C:\WINDOWS\system32\winlogon.exe
[2006-05-31 20:17] - [2008-04-13 17:12] - 0507904 ____A (Microsoft Corporation) 0x65643065663061313336646563383364663639663034313138383730303033652000200000

C:\WINDOWS\system32\svchost.exe
[2006-05-31 20:17] - [2008-04-13 17:12] - 0014336 ____A (Microsoft Corporation) 0x32376336643033626364623863666562393662373136663364386265336531382000200000

C:\WINDOWS\system32\services.exe
[2006-05-31 20:16] - [2009-02-06 04:11] - 0110592 ____A (Microsoft Corporation) 0x36356466353266356238623665396262643138333530353232356333373331352000200000

C:\WINDOWS\system32\User32.dll
[2006-05-31 20:17] - [2008-04-13 17:12] - 0578560 ____A (Microsoft Corporation) 0x62323662313335666631623966363063393338386234613764313666363030622000200000

C:\WINDOWS\system32\userinit.exe
[2006-05-31 20:17] - [2008-04-13 17:12] - 0026112 ____A (Microsoft Corporation) 0x61393361656531393238613964376365336531366432346563373338306638392000200000

C:\WINDOWS\system32\rpcss.dll
[2006-05-31 20:16] - [2009-02-09 05:10] - 0401408 ____A (Microsoft Corporation) 0x36623237613563303364666239346234323435373339303635343331333232632000200000

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2006-05-31 20:17] - [2008-04-13 11:41] - 0052352 ____A (Microsoft Corporation) 0x34633866636235636335336161623731366438313037343066653539643032352000200000


==================== End of log ============================

 

 

 Attached File  Addition_19-07-2015_08-54-25.txt   22.61KB   2 downloads


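Two parts of the FRST log above are left for the reader to work through by eye: the Drivers section (which entry is missing its file, which has no ImagePath, which third-party driver is unsigned) and the "Bamital & volsnap Check", whose 0x... field has to be turned into an MD5 before it can be searched. The following script is an added example, not part of this thread and not FRST's own code; it reads the "[X]" suffix as FRST's file-not-found marker and the 0x... field as an ASCII hash string padded with spaces and NULs, both inferred from the log lines themselves. The sample lines it runs on are copied from the log above.

```python
"""Triage helpers for an FRST log like the one posted above.

Added example (not part of this thread and not FRST's own code). It does two
things the log otherwise asks the reader to do by eye:

1. pick out driver entries worth a second look: file not found, no ImagePath,
   or an unsigned driver from a non-Microsoft vendor;
2. turn the 0x... field of the "Bamital & volsnap Check" into the MD5 string
   the tool tells you to search for.

Assumptions: the "[X]" suffix is read as FRST's file-not-found marker, and the
0x... field is read as ASCII text padded with spaces and NULs (both inferred
from the log lines themselves).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: five lines copied from the Drivers section of the log above.
SAMPLE_DRIVER_LINES = """\
R0 FltMgr; C:\\WINDOWS\\System32\\drivers\\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\\WINDOWS\\system32\\drivers\\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 smserial; C:\\WINDOWS\\System32\\DRIVERS\\smserial.sys [980736 2006-09-14] (Motorola Inc.) [File not signed]
S1 BAPIDRV; system32\\DRIVERS\\BAPIDRV.sys [X]
U1 WS2IFSL; No ImagePath
"""

# Constructed sample: the explorer.exe field from the Bamital check above.
SAMPLE_BAMITAL_FIELD = (
    "0x31323839363832336662393562666233646339623436626361656463393932332000200000"
)

# "<start code> <service name>; <rest>"   e.g. "R0 FltMgr; C:\...\fltmgr.sys [...]"
HEAD_RE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
# "<path> [<size> <date>] (<company>)<flags>"
DETAIL_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s+\((?P<company>[^)]*)\)(?P<flags>.*)$"
)


@dataclass
class DriverEntry:
    start: str                 # FRST start/state code, e.g. R0, S3, U1
    name: str
    path: Optional[str]
    size: Optional[int]
    date: Optional[str]
    company: Optional[str]
    signed: Optional[bool]     # None when FRST gives no signature information
    file_missing: bool         # "[X]" suffix
    no_image_path: bool        # "No ImagePath"


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one line of the FRST Drivers section; None for anything else."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    start, name, rest = m["start"], m["name"], m["rest"]
    if rest == "No ImagePath":
        return DriverEntry(start, name, None, None, None, None, None, False, True)
    if rest.endswith("[X]"):
        return DriverEntry(start, name, rest[:-3].strip(), None, None, None, None, True, False)
    d = DETAIL_RE.match(rest)
    if not d:
        return None
    signed = "[File not signed]" not in d["flags"]
    return DriverEntry(start, name, d["path"], int(d["size"]), d["date"],
                       d["company"], signed, False, False)


def triage_drivers(text: str) -> List[Tuple[str, str]]:
    """Return (service name, reason) for entries an analyst would check first.

    Unsigned Microsoft drivers are ignored on purpose: stock XP drivers are
    signed through catalog files rather than an embedded signature, so nearly
    every Microsoft line in this log carries "[File not signed]" and the flag
    on its own is not a finding.
    """
    findings: List[Tuple[str, str]] = []
    for line in text.splitlines():
        e = parse_driver_line(line)
        if e is None:
            continue
        if e.no_image_path:
            findings.append((e.name, "service has no ImagePath"))
        elif e.file_missing:
            findings.append((e.name, "driver file not found on disk"))
        elif e.signed is False and "Microsoft" not in (e.company or ""):
            findings.append((e.name, f"unsigned third-party driver ({e.company})"))
    return findings


def decode_bamital_field(field: str) -> str:
    """Decode the 0x... field of the Bamital check to the text it carries.

    Assumption: the bytes are the ASCII MD5 string padded with spaces/NULs.
    """
    hexdigits = field[2:] if field.lower().startswith("0x") else field
    return bytes.fromhex(hexdigits).decode("ascii", errors="replace").strip(" \x00")


if __name__ == "__main__":
    for name, reason in triage_drivers(SAMPLE_DRIVER_LINES):
        print(f"{name:14} {reason}")
    print("explorer.exe MD5:", decode_bamital_field(SAMPLE_BAMITAL_FIELD))
```

Run against the five sample lines it reports smserial (unsigned, non-Microsoft), BAPIDRV (file missing) and WS2IFSL (no ImagePath), and decodes the explorer.exe field to a 32-character hex string, which is what the log's "Google the MD5" note expects you to search for. The decoded hash is only a lookup key: a hash that is not widely known is a reason to inspect the file, not proof that it is patched.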



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 AM

Posted 20 July 2015 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

the antivirus that was loaded on the machine....360 plus I think. I tried to load avg 2015 but it wouldn't load. I deleted the other antivirus, but avg still wouldn't load.

Norton will not quit that easily.

Download the Norton Removal Tool from this site.
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us?abproduct=home&abversion=1&pvid=f-home

Run the application and restart the computer if not executed by the tool.
===

p.s.
You may have to reinstall AVG again. Not sure.

----

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Please run the Farbar tool one more time and post a fresh FRST log for my review.

===


Also, please provide an update on how the computer is behaving after running the above script.

===

#3 sbwertz

sbwertz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 20 July 2015 - 09:39 AM

The antivirus I removed was not the Norton.  It was something called Qihoo 360 Total Security.  Right at the moment there is no antivirus running because I deleted the Qihoo product and AVG won't load. 

 

I will run the adware cleaner and post the log.  I have to go into Safe mode to download anything, because I cannot get on the net except in safe mode on that machine.


Edited by sbwertz, 20 July 2015 - 09:43 AM.


#4 sbwertz

sbwertz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 20 July 2015 - 09:53 AM

The zoek.exe link is broken.



#5 sbwertz

sbwertz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 20 July 2015 - 10:05 AM

adwcleaner logfile

 

# AdwCleaner v4.208 - Logfile created 20/07/2015 at 07:57:51
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Home - RIVERS-LAPTOP
# Running from : C:\Documents and Settings\Home\My Documents\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.4.0

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Driver Support
Folder Deleted : C:\Program Files\Driver Support
Folder Deleted : C:\Program Files\Veloxum
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Home\Local Settings\Application Data\PC_Drivers_Headquarters
Folder Deleted : C:\Documents and Settings\Home\Start Menu\Programs\Driver Support
Folder Deleted : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\8m6vqx7a.default\Extensions\Avg@toolbar
File Deleted : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\8m6vqx7a.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Scheduled tasks ] *****

Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\Veloxum
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\DriverSupport
Key Deleted : HKLM\SOFTWARE\Veloxum
Key Deleted : HKU\.DEFAULT\Software\Veloxum
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DriverSupport

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v33.0 (x86 en-US)

[8m6vqx7a.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[8m6vqx7a.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v43.0.2357.134

[C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4078 bytes] - [20/07/2015 07:55:43]
AdwCleaner[S0].txt - [4105 bytes] - [20/07/2015 07:57:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4164  bytes] ##########
 



#6 sbwertz

sbwertz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 20 July 2015 - 10:08 AM

I can't find anyplace to download zoek.exe.  All the download links are broken.



#7 sbwertz

sbwertz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 20 July 2015 - 10:18 AM

After running adwcleaner, I can now access the net from inside xp.  I still cannot load avg because it does not display the installation screens correctly...they are blank and I cannot see the checkboxes to select my options.  Something is still not right.



#8 sbwertz

sbwertz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 20 July 2015 - 10:33 AM

Second FRST logfile

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2015 01
Ran by Home (administrator) on RIVERS-LAPTOP on 20-07-2015 08:21:59
Running from C:\Documents and Settings\Home\My Documents\Downloads
Loaded Profiles: Home (Available Profiles: Home & Rivers)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [98394 2004-11-05] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [688218 2004-11-05] (Synaptics, Inc.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-02-13] (SigmaTel, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-11-28] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2005-11-28] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1863664188-4259440161-1125831159-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-05-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M465-E
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M465-E
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1863664188-4259440161-1125831159-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M465-E
HKU\S-1-5-21-1863664188-4259440161-1125831159-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={CD28F996-F21B-4875-82CF-D55D1E0B1086}&mid=6d46e24c4dc847d2a43fd15231b1c84e-b5141d3f687eb34d641acf53c2f7620ebf6af39f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-13%2012:39:35&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1863664188-4259440161-1125831159-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1863664188-4259440161-1125831159-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={CD28F996-F21B-4875-82CF-D55D1E0B1086}&mid=6d46e24c4dc847d2a43fd15231b1c84e-b5141d3f687eb34d641acf53c2f7620ebf6af39f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-13 12:39:35&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll [2006-02-01] (Gateway Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1320975410443
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{3653294C-0B4B-43BF-8440-3E2A947E754D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\8m6vqx7a.default
FF Homepage: https://mysearch.avg.com/?cid={CD28F996-F21B-4875-82CF-D55D1E0B1086}&mid=6d46e24c4dc847d2a43fd15231b1c84e-b5141d3f687eb34d641acf53c2f7620ebf6af39f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-13 12:39:35&v=4.1.0.411&pid=wtu&sg=&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-26] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Google Docs) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-09]
CHR Extension: (YouTube) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Google Search) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-09]
CHR Extension: (360 Internet Protection) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-03-09]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-03-14] (Broadcom Corporation.) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-11-01] (Intel Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S3 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [196608 2011-11-10] (New Boundary Technologies, Inc.) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-11-01] (Intel Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Rpcnet; C:\WINDOWS\system32\rpcnet.exe [78032 2015-04-20] (Absolute Software Corp.)
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-11-01] (Intel Corporation ) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-05-13] ()
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
R0 adpu160m; C:\WINDOWS\System32\DRIVERS\adpu160m.sys [101888 2001-08-17] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-11-10] (Cisco Systems, Inc.) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R0 agp440; C:\WINDOWS\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 agpCPQ; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [44928 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Aha154x; C:\WINDOWS\System32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed]
R0 aic78u2; C:\WINDOWS\System32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed]
R0 aic78xx; C:\WINDOWS\System32\DRIVERS\aic78xx.sys [56960 2001-08-17] (Microsoft Corporation) [File not signed]
R0 AliIde; C:\WINDOWS\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.) [File not signed]
R0 alim1541; C:\WINDOWS\System32\DRIVERS\alim1541.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed]
R0 amdagp; C:\WINDOWS\System32\DRIVERS\amdagp.sys [43008 2008-04-13] (Advanced Micro Devices, Inc.) [File not signed]
R0 amsint; C:\WINDOWS\System32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed]
R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R0 asc; C:\WINDOWS\System32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R0 asc3350p; C:\WINDOWS\System32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed]
R0 asc3550; C:\WINDOWS\System32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [328237 2006-03-14] (Broadcom Corporation.) [File not signed]
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30427 2006-03-14] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [851402 2006-03-14] (Broadcom Corporation.) [File not signed]
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-03-14] (Broadcom Corporation.) [File not signed]
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [148900 2006-03-14] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [45683 2006-03-14] (Broadcom Corporation.) [File not signed]
R0 cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
R0 cd20xrnt; C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation) [File not signed]
R0 CmdIde; C:\WINDOWS\System32\DRIVERS\cmdide.sys [6656 2001-08-17] (CMD Technology, Inc.) [File not signed]
R0 Compbatt; C:\WINDOWS\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Cpqarray; C:\WINDOWS\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed]
R0 dac2w2k; C:\WINDOWS\System32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed]
R0 dac960nt; C:\WINDOWS\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
R0 dpti2o; C:\WINDOWS\System32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R3 e1express; C:\WINDOWS\System32\DRIVERS\e1e5132.sys [179200 2005-09-14] (Intel Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Fdc; C:\WINDOWS\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-17] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) [File not signed]
S3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 hpn; C:\WINDOWS\System32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-10-27] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-27] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-27] (HP)
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i2omgmt; C:\WINDOWS\system32\Drivers\i2omgmt.sys [8576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 i2omp; C:\WINDOWS\System32\DRIVERS\i2omp.sys [18560 2008-04-13] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1353820 2005-11-28] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINDOWS\System32\DRIVERS\IASTOR.SYS [874240 2005-10-11] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ini910u; C:\WINDOWS\System32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
S1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 mraid35x; C:\WINDOWS\System32\DRIVERS\mraid35x.sys [17280 2001-08-17] (American Megatrends Inc.) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation) [File not signed]
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Pcmcia; C:\WINDOWS\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R0 perc2; C:\WINDOWS\System32\DRIVERS\perc2.sys [27296 2001-08-17] (Microsoft Corporation) [File not signed]
R0 perc2hib; C:\WINDOWS\System32\DRIVERS\perc2hib.sys [5504 2001-08-17] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R0 ql1080; C:\WINDOWS\System32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed]
R0 Ql10wnt; C:\WINDOWS\System32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ql12160; C:\WINDOWS\System32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed]
R0 ql1240; C:\WINDOWS\System32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ql1280; C:\WINDOWS\System32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation) [File not signed]
S3 sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S2 Serial; C:\WINDOWS\system32\Drivers\Serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sisagp; C:\WINDOWS\System32\DRIVERS\sisagp.sys [40960 2008-04-13] (Silicon Integrated Systems Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
R3 smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [980736 2006-09-14] (Motorola Inc.) [File not signed]
R0 Sparrow; C:\WINDOWS\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1106888 2006-02-13] (SigmaTel, Inc.) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 symc810; C:\WINDOWS\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed]
R0 symc8xx; C:\WINDOWS\System32\DRIVERS\symc8xx.sys [32640 2001-08-17] (LSI Logic) [File not signed]
R0 sym_hi; C:\WINDOWS\System32\DRIVERS\sym_hi.sys [28384 2001-08-17] (LSI Logic) [File not signed]
R0 sym_u3; C:\WINDOWS\System32\DRIVERS\sym_u3.sys [30688 2001-08-17] (LSI Logic) [File not signed]
R3 SynTP; C:\WINDOWS\System32\DRIVERS\SynTP.sys [185824 2004-11-05] (Synaptics, Inc.) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
R3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed]
R0 TosIde; C:\WINDOWS\System32\DRIVERS\toside.sys [4992 2001-08-17] (Microsoft Corporation) [File not signed]
R0 ultra; C:\WINDOWS\System32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation) [File not signed]
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
S3 usbstor; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [123008 2013-07-16] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 viaagp; C:\WINDOWS\System32\DRIVERS\viaagp.sys [42240 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [14208 2008-04-13] (Microsoft Corporation) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 07:55 - 2015-07-20 07:58 - 00000000 ____D C:\AdwCleaner
2015-07-19 09:31 - 2015-07-19 09:31 - 00000115 _____ C:\Documents and Settings\Home\Desktop\Remove what I think is the restore virus - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2015-07-19 09:11 - 2015-07-19 09:11 - 00000154 _____ C:\Documents and Settings\Home\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Remov.URL
2015-07-19 09:10 - 2015-07-19 09:10 - 00000088 _____ C:\Documents and Settings\Home\Desktop\rkill in loop - Am I infected What do I do.URL
2015-07-19 08:51 - 2015-07-20 08:22 - 00000000 ____D C:\FRST
2015-07-17 06:19 - 2015-07-17 06:19 - 00072352 _____ C:\Documents and Settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-07-16 22:04 - 2015-07-16 22:04 - 00000000 ____D C:\Documents and Settings\Home\Local Settings\Application Data\Avg2015
2015-07-16 21:38 - 2015-07-16 21:38 - 00281336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-16 21:24 - 2015-07-16 21:24 - 00000000 ____D C:\Intel
2015-07-16 20:44 - 2015-07-16 20:49 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 11:11 - 2015-07-17 06:58 - 00305990 _____ C:\Documents and Settings\Home\Desktop\Rkill.txt
2015-07-16 11:03 - 2015-07-16 11:03 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-07-16 10:38 - 2015-07-16 10:42 - 00002486 _____ C:\Documents and Settings\Home\Desktop\unhide.txt
2015-07-16 10:25 - 2015-07-16 10:58 - 00003290 _____ C:\Documents and Settings\All Users\Desktop\avgrep.txt
2015-07-16 10:16 - 2015-07-16 10:16 - 00000000 __SHD C:\WINDOWS\CSC
2015-06-25 14:10 - 2015-06-25 14:10 - 00000000 ____D C:\Documents and Settings\Home\Local Settings\Application Data\Avg
2015-06-24 15:38 - 2015-06-24 16:20 - 00001913 _____ C:\WINDOWS\wmsetup.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 08:22 - 2014-10-24 10:27 - 00000000 ____D C:\Documents and Settings\Home\Local Settings\Temp
2015-07-20 08:20 - 2015-03-11 18:04 - 00000000 ____D C:\Documents and Settings\Home\Application Data\Skype
2015-07-20 08:15 - 2015-03-09 11:29 - 00000000 ____D C:\Documents and Settings\Home\Local Settings\Application Data\Adobe
2015-07-20 08:15 - 2006-05-31 20:30 - 01947064 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-20 08:12 - 2014-10-24 13:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-07-20 08:10 - 2015-03-09 10:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 08:09 - 2015-03-09 11:16 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-20 08:09 - 2015-03-09 11:16 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-20 08:09 - 2015-03-09 10:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 08:09 - 2011-11-10 18:06 - 00078032 _____ (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2015-07-20 08:09 - 2011-11-10 17:54 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2015-07-20 08:09 - 2006-05-31 20:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-20 08:09 - 2006-05-31 20:17 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-20 08:08 - 2014-10-24 10:27 - 00000178 ___SH C:\Documents and Settings\Home\ntuser.ini
2015-07-20 08:00 - 2006-05-31 20:36 - 00032456 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-20 07:57 - 2015-05-14 14:45 - 00170650 _____ C:\Documents and Settings\Home\debug.log
2015-07-19 09:01 - 2013-02-09 09:59 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml
2015-07-16 22:00 - 2012-07-11 16:02 - 00610786 _____ C:\WINDOWS\setupapi.log
2015-07-16 21:48 - 2015-03-09 11:02 - 00000000 ____D C:\Program Files\360
2015-07-16 21:20 - 2015-03-09 10:15 - 00000000 ____D C:\Documents and Settings\Home\Application Data\Adobe
2015-07-16 21:15 - 2015-03-09 11:13 - 00000000 __SHD C:\$360Section
2015-07-16 21:15 - 2015-03-09 11:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\360Quarant
2015-07-16 20:47 - 2014-10-24 13:12 - 00000782 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 20:47 - 2014-10-24 13:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-16 20:47 - 2014-10-24 13:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 20:12 - 2015-03-09 10:19 - 00001818 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-07-15 17:59 - 2014-10-24 10:27 - 00000000 ____D C:\Documents and Settings\Home\WINDOWS
2015-07-15 05:07 - 2015-05-08 20:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2015-07-13 14:30 - 2015-03-11 18:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-07-13 14:29 - 2015-03-11 18:03 - 00000000 ___RD C:\Program Files\Skype
2015-07-07 22:17 - 2014-10-24 10:27 - 00000000 ____D C:\Documents and Settings\Home
2015-07-06 10:53 - 2015-03-11 18:03 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-07-05 15:52 - 2015-06-06 18:35 - 00000000 ____D C:\Documents and Settings\Home\Application Data\MPC-HC
2015-07-03 08:49 - 2011-11-10 18:50 - 127070192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-26 21:09 - 2015-03-09 11:10 - 00000000 ____D C:\WINDOWS\Tasks\360Disabled
2015-06-26 17:04 - 2013-02-09 10:38 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-26 17:04 - 2011-11-11 16:28 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-24 16:21 - 2014-10-24 13:12 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Home\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Home\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2006-05-31 20:16] - [2008-04-13 17:12] - 1033728 ____A (Microsoft Corporation) 0x31323839363832336662393562666233646339623436626361656463393932332000200000

C:\WINDOWS\system32\winlogon.exe
[2006-05-31 20:17] - [2008-04-13 17:12] - 0507904 ____A (Microsoft Corporation) 0x65643065663061313336646563383364663639663034313138383730303033652000200000

C:\WINDOWS\system32\svchost.exe
[2006-05-31 20:17] - [2008-04-13 17:12] - 0014336 ____A (Microsoft Corporation) 0x32376336643033626364623863666562393662373136663364386265336531382000200000

C:\WINDOWS\system32\services.exe
[2006-05-31 20:16] - [2009-02-06 04:11] - 0110592 ____A (Microsoft Corporation) 0x36356466353266356238623665396262643138333530353232356333373331352000200000

C:\WINDOWS\system32\User32.dll
[2006-05-31 20:17] - [2008-04-13 17:12] - 0578560 ____A (Microsoft Corporation) 0x62323662313335666631623966363063393338386234613764313666363030622000200000

C:\WINDOWS\system32\userinit.exe
[2006-05-31 20:17] - [2008-04-13 17:12] - 0026112 ____A (Microsoft Corporation) 0x61393361656531393238613964376365336531366432346563373338306638392000200000

C:\WINDOWS\system32\rpcss.dll
[2006-05-31 20:16] - [2009-02-09 05:10] - 0401408 ____A (Microsoft Corporation) 0x36623237613563303364666239346234323435373339303635343331333232632000200000

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2006-05-31 20:17] - [2008-04-13 11:41] - 0052352 ____A (Microsoft Corporation) 0x34633866636235636335336161623731366438313037343066653539643032352000200000


==================== End of log ============================



#9 sbwertz

sbwertz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 20 July 2015 - 10:36 AM

Thank you for your time, but I think this is an exercise in futility. I don't want to waste any more of your time. She doesn't have much data on the system, so I am going to do a full system restore back to factory settings.


Sharon



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 AM

Posted 20 July 2015 - 12:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



