BSOD once or twice a month & Avira's Luke Filewalker errors out


  • This topic is locked
21 replies to this topic

#1 Zhang Fei

Posted 20 February 2016 - 03:02 PM

Hibernation leads, after a couple of sessions, to the fuzzing out of the top right-hand window controls (minimize window, maximize window, close window), and the spontaneous shutdown of applications. For instance, Firefox shuts down with the message "The application or DLL C:\..\xul.dll is not a valid Windows image. Please check this against your installation image". The message "Couldn't load XPCOM" also appears. Upon a reboot, all programs work as they used to. I suspect I have some kind of malware problem, but am stumped as to what it could be. I have attached my logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-02-2016
Ran by Fenix (administrator) on BLUE-ZHREIMHWED (20-02-2016 13:40:58)
Running from C:\Downloads
Loaded Profiles: Fenix (Available Profiles: Gryphon & Griffin & Fenix & Unicorn & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(ATI Technologies Inc.) C:\WINNT\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(ATI Technologies Inc.) C:\WINNT\system32\ati2evxx.exe
(IDT, Inc.) C:\Program Files\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\Mctray.exe
(Sonic Solutions) C:\WINNT\system32\dla\tfswctrl.exe
(Vimicro) C:\WINNT\VMSnap3.EXE
(Vimicro) C:\WINNT\Domino.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Acronis) C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\UPHClean\uphclean.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
(Ahead Software) C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Microsoft Corporation) C:\WINNT\system32\wbem\wmiprvse.exe
(Eastman Kodak Company) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Palm, Inc.) C:\Program Files\PalmOne\HOTSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINNT\system32\alg.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINNT\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\WINNT\system32\sndvol32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Synchronization Manager] => mobsync.exe /logon
HKLM\...\Run: [CloneDVDElbyDelay] => C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM\...\Run: [PinnacleDriverCheck] => C:\WINNT\system32\PSDrvCheck.exe [394240 2003-05-28] ()
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [200704 2007-01-20] (PowerISO Computing, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [87584 2006-10-16] (Acronis)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2008-05-12] (McAfee, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\UdaterUI.exe [136768 2006-11-17] (McAfee, Inc.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-03] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] => C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE [44032 2002-08-29] (Microsoft Corporation)
HKLM\...\Run: [dla] => C:\WINNT\system32\dla\tfswctrl.exe [127037 2005-02-25] (Sonic Solutions)
HKLM\...\Run: [VMSnap3] => C:\WINNT\VMSnap3.EXE [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [Domino] => C:\WINNT\Domino.EXE [49152 2006-06-28] (Vimicro)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [446571 2009-03-25] (IDT, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1164912 2006-10-16] (Acronis)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [136472 2008-06-27] (Maxtor)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Maxtor Scheduler2 Service] => C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [136472 2008-06-27] (Maxtor)
HKLM\...\Run: [MaxBlastMonitor.exe] => C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe [1325800 2008-06-27] (Maxtor)
HKLM\...\Run: [eFax 4.4] => C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe [95744 2010-07-02] (j2 Global Communications, Inc.)
HKLM\...\Run: [DiscWizardMonitor.exe] => C:\Program Files\Maxtor\MaxBlast\DiscWizardMonitor.exe [1325936 2009-10-16] (Seagate)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe [904776 2008-06-27] (Acronis)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [BigDog303] => C:\WINNT\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [804168 2016-02-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2591888 2015-04-08] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-08] (NVIDIA Corporation)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINNT\System32\Userinit.exe,
HKLM\...\Winlogon: [Shell] explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll [2008-07-04] (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINNT\system32\WgaLogon.dll [2009-03-10] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\wzcnotif: C:\WINNT\system32\wzcdlg.dll [2008-04-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-19\...\RunOnce: [^SetupICWDesktop] => C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINNT\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [^SetupICWDesktop] => C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINNT\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [Google Update] => C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-11-16] (Google Inc.)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [389352 2010-08-09] (SANDBOXIE L.T.D)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2016-01-25] (SUPERAntiSpyware)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [PhotoShow Deluxe Media Manager] => C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe [212992 2005-02-25] (Ahead Software)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-484763869-507921405-1343024091-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [^SetupICWDesktop] => C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINNT\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINNT\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk [2005-02-26]
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\PalmOne\HOTSYNC.EXE (Palm, Inc.)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Registration-InstantCopy.lnk [2007-10-27]
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2016-02-19]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINNT\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2008-05-01]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2008-05-24]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Documents and Settings\Fenix\Start Menu\Programs\Startup\HotSync Manager.lnk [2012-01-03]
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\PalmOne\HOTSYNC.EXE (Palm, Inc.)
Startup: C:\Documents and Settings\Fenix\Start Menu\Programs\Startup\Registration-InstantCopy.lnk [2008-10-06]
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
Startup: C:\Documents and Settings\Griffin\Start Menu\Programs\Startup\HotSync Manager.lnk [2005-02-26]
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\PalmOne\HOTSYNC.EXE (Palm, Inc.)
Startup: C:\Documents and Settings\Griffin\Start Menu\Programs\Startup\Registration-InstantCopy.lnk [2007-10-27]
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896 2008-04-13] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\rsvpsp.dll [92672 2008-04-13] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\rsvpsp.dll [92672 2008-04-13] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2ADDB8BA-2057-4DC0-A797-71586A3B9654}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-484763869-507921405-1343024091-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-19] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2008-05-12] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-19] (Oracle Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-484763869-507921405-1343024091-1007 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-484763869-507921405-1343024091-1007 -> No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {33363249-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37968.3613194444
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2003-11-17] (Belarc, Inc.)
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll [2006-08-10] (Juno Online Services, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINNT\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2007-04-22] (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll [2007-04-22] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [2007-04-22] (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-19] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: @veoh.com/VeohWebPlayer -> C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll [2009-10-27] (Veoh)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll [2006-08-16] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-484763869-507921405-1343024091-1007: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-484763869-507921405-1343024091-1007: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-484763869-507921405-1343024091-1007: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll [2012-12-27] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007-04-22] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2007-04-22] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2005-01-08] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2005-01-08] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)
FF SearchPlugin: C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\searchplugins\jeeves.xml [2007-02-10]
FF SearchPlugin: C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\searchplugins\mdbgwdbs.xml [2010-01-06]
FF SearchPlugin: C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\searchplugins\mdbgwdbt.xml [2010-02-04]
FF Extension: Flashblock - C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-02]
FF Extension: Avira Browser Safety - C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\Extensions\abs@avira.com [2016-02-18]
FF Extension: Google search link fix - C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2015-12-23]
FF Extension: Video DownloadHelper - C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-17]
FF Extension: Adblock Plus - C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16] [not signed]
FF HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Firefox\Extensions: [{86D92CB0-3EB2-4979-AD43-DF0341807D7F}] - C:\Program Files\Copernic Desktop Search 2\FirefoxToolbar => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\inspector.js [2005-03-17]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-10-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINNT\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 6.5.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => No File
CHR Plugin: (Veoh Web Player Beta) - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
CHR Plugin: (Shockwave for Director) - C:\WINNT\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-08]
CHR Extension: (Google Search) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
CHR Extension: (AdBlock) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-06]
CHR Extension: (FlashBlock) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-08]
CHR Extension: (Gmail) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
S2 6to4; C:\WINNT\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [230944 2006-10-16] (Acronis)
S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-02-10] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [930944 2016-02-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [466408 2016-02-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [466408 2016-02-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1223920 2016-02-19] (Avira Operations GmbH & Co. KG)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [561152 2008-07-04] (ATI Technologies Inc.)
S2 ATI Smart; C:\WINNT\system32\ati2sgag.exe [593920 2008-07-03] () [File not signed]
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
R2 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
R2 Browser; C:\WINNT\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S3 cisvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
S4 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
S3 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S2 Fax; C:\WINNT\system32\fxssvc.exe [267776 2008-04-13] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation)
S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
S3 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 idsvc; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
R2 MaxSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [431384 2008-06-27] (Maxtor)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)
U2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2008-05-12] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2008-05-12] (McAfee, Inc.)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation)
S3 MSIServer; C:\WINNT\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation)
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S3 Netlogon; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S2 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-08] (NVIDIA Corporation)
S2 NVSvc; C:\WINNT\system32\nvsvc32.exe [155976 2015-04-08] (NVIDIA Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [75496 2010-08-09] (SANDBOXIE L.T.D)
S3 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation)
S2 SgtSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [431384 2008-06-27] (Maxtor)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
R2 STacSV; c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe [237665 2009-03-25] (IDT, Inc.)
R2 StiSvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\System32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation)
R2 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [241725 2005-04-27] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
S3 UtilMan; C:\WINNT\System32\UtilMan.exe [50176 2008-04-13] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation)
S3 WinRM; C:\WINNT\system32\WsmSvc.dll [1107456 2009-10-09] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
R2 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
S3 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S3 COMSysApp; C:\WINNT\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINNT\system32\dllhost.exe /Processid:{54A0D0DB-C402-477F-A471-D6AFEC7DF175}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
S4 ACPIEC; C:\WINNT\system32\Drivers\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R2 amdfix; C:\WINNT\System32\drivers\amdfix.sys [4108 2002-12-28] (Microsoft Corporation) [File not signed]
R0 amdide; C:\WINNT\System32\DRIVERS\amdide.sys [9096 2007-10-11] (Advanced Micro Devices)
R1 AmdPPM; C:\WINNT\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 asapiW2k; C:\WINNT\System32\Drivers\ASAPIW2K.sys [11264 2002-04-17] (VOB Computersysteme GmbH) [File not signed]
R2 Aspi32; C:\WINNT\system32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
R3 AtcL001; C:\WINNT\System32\DRIVERS\l151x86.sys [37376 2009-04-06] (Atheros Communications, Inc.)
R3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [3230720 2008-07-04] (ATI Technologies Inc.)
S3 AtiHdmiService; C:\WINNT\System32\drivers\AtiHdmi.sys [84992 2007-07-20] (ATI Research Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R2 avgntflt; C:\WINNT\System32\DRIVERS\avgntflt.sys [106968 2015-11-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINNT\System32\DRIVERS\avipbb.sys [135760 2016-02-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINNT\System32\DRIVERS\avkmgr.sys [37896 2015-11-20] (Avira Operations GmbH & Co. KG)
R1 BANTExt; C:\WINNT\System32\Drivers\BANTExt.sys [3840 2003-03-06] () [File not signed]
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2001-08-23] (Microsoft Corporation)
S2 BT848; C:\WINNT\System32\DRIVERS\BT848.sys [372309 2002-12-21] (Illusion & Hope.) [File not signed]
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2001-08-23] (Microsoft Corporation)
S3 CCDECODE; C:\WINNT\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
S1 Cdralw2k; C:\WINNT\system32\Drivers\Cdralw2k.sys [9464 2007-02-02] (Sonic Solutions)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R1 CINEMSUP; C:\WINNT\SYSTEM32\DRIVERS\CINEMSUP.SYS [6656 2003-12-19] (Sonic Solutions) [File not signed]
S3 ctljystk; C:\WINNT\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINNT\System32\DRIVERS\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINNT\system32\Drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R0 drvmcdb; C:\WINNT\System32\drivers\drvmcdb.sys [88080 2005-02-02] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINNT\System32\drivers\drvnddm.sys [40544 2004-12-23] (Sonic Solutions) [File not signed]
R1 ElbyCDIO; C:\WINNT\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
R3 ElbyDelay; C:\WINNT\System32\Drivers\ElbyDelay.sys [3968 2004-06-08] (Elaborate Bytes AG) [File not signed]
R4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
S3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
S3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
R1 FsVga; C:\WINNT\System32\DRIVERS\fsvga.sys [12160 2001-08-23] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation)
S3 gameenum; C:\WINNT\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S2 hardlock; C:\WINNT\system32\drivers\hardlock.sys [665600 2005-02-06] (Aladdin Knowledge Systems) [File not signed]
R2 Haspnt; C:\WINNT\system32\drivers\Haspnt.sys [47616 2005-02-06] (Aladdin Knowledge Systems) [File not signed]
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
R0 imagedrv; C:\WINNT\System32\Drivers\imagedrv.sys [11304 2007-07-03] (Ahead Software AG)
R0 imagesrv; C:\WINNT\System32\DRIVERS\imagesrv.sys [132904 2007-07-03] (Ahead Software AG)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R3 Ip6Fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
S3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R3 mfeapfk; C:\WINNT\System32\drivers\mfeapfk.sys [64232 2008-05-12] (McAfee, Inc.)
R3 mfeavfk; C:\WINNT\System32\drivers\mfeavfk.sys [72936 2008-05-12] (McAfee, Inc.)
R3 mfebopk; C:\WINNT\System32\drivers\mfebopk.sys [33960 2008-05-12] (McAfee, Inc.)
R3 mfehidk; C:\WINNT\System32\drivers\mfehidk.sys [174952 2008-05-12] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31816 2008-05-12] (McAfee, Inc.)
S1 mfetdik; C:\WINNT\System32\drivers\mfetdik.sys [52104 2008-05-12] (McAfee, Inc.)
S3 MHIKEY10; C:\WINNT\System32\Drivers\MHIKEY10.sys [51072 2008-05-27] (Generic USB smartcard reader)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
S3 MPE; C:\WINNT\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MpFilter; C:\WINNT\system32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
S3 MSDV; C:\WINNT\System32\DRIVERS\msdv.sys [51200 2008-04-13] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
S3 MSTEE; C:\WINNT\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation)
S3 ms_mpu401; C:\WINNT\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R0 Mup; C:\WINNT\System32\drivers\mup.sys [105472 2011-04-21] (Microsoft Corporation)
S3 NABTSFEC; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINNT\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
S3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
S3 nm; C:\WINNT\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation)
S3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [10707360 2013-02-09] (NVIDIA Corporation)
S4 nv4; C:\WINNT\System32\DRIVERS\nv4_mini.sys [10707360 2013-02-09] (NVIDIA Corporation)
S3 NVHDA; C:\WINNT\System32\drivers\nvhda32.sys [128960 2015-04-08] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-23] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINNT\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINNT\System32\DRIVERS\nwlnknb.sys [63232 2001-08-23] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINNT\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-23] (Microsoft Corporation)
R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
S2 Parclass; C:\WINNT\System32\Drivers\Parclass.sys [18832 1997-11-26] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
R2 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-23] (Microsoft Corporation)
S4 Pcmcia; C:\WINNT\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 pcouffin; C:\WINNT\System32\Drivers\pcouffin.sys [47360 2007-09-14] (VSO Software) [File not signed]
R3 pctvvbi; C:\WINNT\System32\DRIVERS\pctvvbi.sys [6369 2002-04-02] (Pinnacle Systems) [File not signed]
S3 pfc; C:\WINNT\System32\drivers\pfc.sys [10368 2003-09-18] (Padus, Inc.) [File not signed]
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
S1 Processor; C:\WINNT\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINNT\System32\DRIVERS\PxHelp20.sys [43528 2007-03-29] (Sonic Solutions)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
S2 ROB_A; C:\WINNT\System32\DRIVERS\rob_a.sys [20064 2002-02-07] (Pinnacle Systems GmbH) [File not signed]
S2 ROB_V; C:\WINNT\System32\drivers\rob_v.sys [124800 2002-09-12] (Pinnacle Systems GmbH) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [123112 2010-08-09] (SANDBOXIE L.T.D)
R1 SCDEmu; C:\WINNT\system32\Drivers\SCDEmu.sys [31644 2007-01-20] (PowerISO Computing, Inc.) [File not signed]
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
R1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
R0 sisagp; C:\WINNT\System32\DRIVERS\sisagp.sys [40960 2008-04-13] (Silicon Integrated Systems Corporation)
S3 SLIP; C:\WINNT\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R0 snapman; C:\WINNT\System32\DRIVERS\snapman.sys [132224 2011-06-05] (Acronis)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R1 sscdbhk5; C:\WINNT\System32\drivers\sscdbhk5.sys [5627 2004-12-02] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\WINNT\System32\DRIVERS\ssmdrv.sys [31848 2015-11-20] (Avira Operations GmbH & Co. KG)
R1 ssrtln; C:\WINNT\System32\drivers\ssrtln.sys [23545 2004-12-02] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINNT\System32\drivers\sthda.sys [1392498 2009-03-25] (IDT, Inc.)
R3 StillCam; C:\WINNT\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation)
S3 streamip; C:\WINNT\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [57696 2001-08-15] (Symantec Corporation) [File not signed]
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
R1 Tcpip6; C:\WINNT\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation)
R0 tdrpman; C:\WINNT\System32\DRIVERS\tdrpman.sys [368480 2011-06-05] (Acronis)
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation)
R2 tfsnboio; C:\WINNT\System32\dla\tfsnboio.sys [25725 2005-02-25] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINNT\System32\dla\tfsncofs.sys [34845 2005-02-25] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINNT\System32\dla\tfsndrct.sys [4125 2005-02-25] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINNT\System32\dla\tfsndres.sys [2241 2005-02-25] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINNT\System32\dla\tfsnifs.sys [86684 2005-02-25] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINNT\System32\dla\tfsnopio.sys [14877 2005-02-25] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINNT\System32\dla\tfsnpool.sys [6365 2005-02-25] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINNT\System32\dla\tfsnudf.sys [98716 2005-02-25] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINNT\System32\dla\tfsnudfa.sys [100605 2005-02-25] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINNT\System32\DRIVERS\tifsfilt.sys [44384 2011-06-05] (Acronis)
R0 timounter; C:\WINNT\System32\DRIVERS\timntr.sys [441760 2011-06-05] (Acronis)
R3 tunmp; C:\WINNT\System32\DRIVERS\tunmp.sys [12288 2008-04-13] (Microsoft Corporation)
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
S3 uhcd; C:\WINNT\System32\DRIVERS\uhcd.sys [32848 2003-06-19] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
R3 usbaudio; C:\WINNT\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)
R3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
S3 usbhub20; C:\WINNT\System32\DRIVERS\usbhub20.sys [49776 2003-06-19] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINNT\System32\DRIVERS\usbohci.sys [17152 2008-04-13] (Microsoft Corporation)
R3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
R3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbvideo; C:\WINNT\System32\Drivers\usbvideo.sys [123008 2013-07-16] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
S3 vmfilter303; C:\WINNT\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation) [File not signed]
R0 VOBID; C:\WINNT\System32\DRIVERS\vobid.sys [29239 2003-08-01] (Pinnacle Systems) [File not signed]
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
S3 wceusbsh; C:\WINNT\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
S3 WpdUsb; C:\WINNT\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation)
S4 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation)
S3 WSTCODEC; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
R0 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
R2 xinstall; C:\WINNT\System32\drivers\xinstall.sys [6143 2002-12-28] () [File not signed]
S3 ZSMC0303; C:\WINNT\System32\Drivers\usbVM303.sys [392058 2006-07-18] (Vimicro Corporation) [File not signed]
S3 ZSMC303; C:\WINNT\System32\Drivers\usbVM303.sys [392058 2006-07-18] (Vimicro Corporation) [File not signed]
S4 aic116x; no ImagePath
S4 ami0nt; no ImagePath
S4 BusLogic; no ImagePath
S0 c2scsi; System32\DRIVERS\c2scsi.sys [X]
U4 Cdr4vsd; no ImagePath
S3 cmuda; system32\drivers\cmuda.sys [X]
S4 cpqarry2; no ImagePath
S4 cpqfcalm; no ImagePath
S4 cpqfws2e; no ImagePath
S4 deckzpsx; no ImagePath
S4 EFS; no ImagePath
S4 Fd16_700; no ImagePath
S4 fireport; no ImagePath
S4 flashpnt; no ImagePath
S4 IntelIde; no ImagePath
S4 ipsraidn; no ImagePath
S4 lp6nds35; no ImagePath
S3 MEMSWEEP2; \??\C:\WINNT\system32\151.tmp [X]
S3 MTK; System32\Drivers\fide.sys [X]
S4 Nbf; System32\DRIVERS\nbf.sys [X]
S4 Ncrc710; no ImagePath
S3 ossrv; system32\drivers\ctoss2k.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S4 Parallel; System32\DRIVERS\parallel.sys [X]
S4 ql2100; no ImagePath
S3 rtl8139; System32\DRIVERS\RTL8139.SYS [X]
U2 SchedulingAgent; no ImagePath
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SISNIC; system32\DRIVERS\sisnic.sys [X]
S3 smc8000n; system32\DRIVERS\smc8000n.sys [X]
S3 TESTCAP; System32\DRIVERS\PCTVAud.sys [X]
S1 tga; no ImagePath
S3 UCORESYS; \??\C:\Downloads\A74M0315\UCORESYS.SYS [X]
S4 ultra66; no ImagePath
S3 vvftav303; system32\drivers\vvftav303.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 16:56 - 2016-02-19 16:56 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-19 03:24 - 2016-02-19 03:24 - 811050403 _____ C:\DATA.zip
2016-02-13 01:17 - 2016-02-13 01:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-07 22:02 - 2016-02-07 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TomTom
2016-02-04 23:24 - 2016-02-20 13:40 - 00000000 ____D C:\FRST
2016-02-04 22:00 - 2016-02-04 22:04 - 00000000 ____D C:\AdwCleaner
2016-02-04 21:49 - 2016-02-04 21:49 - 00000272 _____ C:\WINNT\Tasks\switchShakeIcon.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-20 13:41 - 2008-05-04 15:19 - 00000000 ____D C:\Documents and Settings\Fenix\Local Settings\Temp
2016-02-20 13:25 - 2002-08-10 20:02 - 00000000 ____D C:\WINNT\Temp
2016-02-20 13:07 - 2012-09-02 16:18 - 00000000 ____D C:\Documents and Settings\Fenix\Application Data\Skype
2016-02-20 13:02 - 2010-06-07 16:43 - 00000886 _____ C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-20 12:51 - 2009-07-13 14:12 - 00000978 _____ C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-507921405-1343024091-1007UA.job
2016-02-20 12:45 - 2012-04-01 23:54 - 00000826 _____ C:\WINNT\Tasks\Adobe Flash Player Updater.job
2016-02-20 07:06 - 2008-05-02 05:18 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-02-20 06:59 - 2013-07-10 06:21 - 00000384 ____H C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-02-20 05:09 - 2002-08-10 20:02 - 00000000 ____D C:\WINNT\security
2016-02-20 04:51 - 2009-07-13 14:12 - 00000926 _____ C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-507921405-1343024091-1007Core.job
2016-02-20 04:02 - 2002-10-18 20:29 - 00032538 _____ C:\WINNT\SchedLgU.Txt
2016-02-20 01:02 - 2010-06-07 16:43 - 00000882 _____ C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 17:13 - 2007-01-11 22:37 - 00002311 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
2016-02-19 16:56 - 2015-01-24 18:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2016-02-19 16:56 - 2014-10-16 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2016-02-19 16:56 - 2004-09-04 16:06 - 00000000 ____D C:\Program Files\Java
2016-02-19 16:56 - 2002-08-10 20:01 - 00000000 ____D C:\WINNT\system32
2016-02-19 16:55 - 2015-11-17 17:22 - 00000000 ____D C:\Documents and Settings\Fenix\.oracle_jre_usage
2016-02-19 16:55 - 2015-01-24 18:29 - 00095840 _____ (Oracle Corporation) C:\WINNT\system32\WindowsAccessBridge.dll
2016-02-19 16:55 - 2014-10-16 19:59 - 00146432 _____ (Oracle Corporation) C:\WINNT\system32\javacpl.cpl
2016-02-19 16:47 - 2008-05-24 20:21 - 00279675 _____ C:\logfile
2016-02-19 16:47 - 2002-08-29 06:00 - 00002206 _____ C:\WINNT\system32\wpa.dbl
2016-02-19 16:44 - 2014-03-13 04:42 - 00000218 _____ C:\WINNT\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-02-19 16:44 - 2009-08-26 21:30 - 00000232 _____ C:\WINNT\Tasks\OGALogon.job
2016-02-19 16:43 - 2002-10-18 20:16 - 00000006 ____H C:\WINNT\Tasks\SA.DAT
2016-02-19 16:39 - 2015-02-07 15:04 - 3623071744 _____ C:\WINNT\MEMORY.DMP
2016-02-19 16:39 - 2002-08-10 20:01 - 00000000 ____D C:\WINNT
2016-02-19 15:45 - 2002-10-18 20:14 - 00000000 ____D C:\WINNT\Registration
2016-02-19 12:41 - 2015-12-04 14:13 - 00135760 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avipbb.sys
2016-02-19 12:25 - 2008-05-04 14:53 - 00000278 ___SH C:\Documents and Settings\Fenix\ntuser.ini
2016-02-19 03:24 - 2003-02-06 06:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-17 14:20 - 2010-11-21 00:10 - 00001984 _____ C:\WINNT\system32\d3d9caps.dat
2016-02-14 23:59 - 2009-11-18 00:24 - 00000000 ____D C:\Common
2016-02-13 01:13 - 2011-04-14 23:34 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-13 01:13 - 2005-01-02 17:07 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-02-12 22:02 - 2006-12-14 07:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-02-12 12:04 - 2012-04-27 12:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-12 10:52 - 2012-01-04 00:39 - 00000284 _____ C:\WINNT\Tasks\AppleSoftwareUpdate.job
2016-02-10 08:45 - 2012-04-01 23:54 - 00796864 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2016-02-10 08:45 - 2011-05-31 12:13 - 00142528 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
2016-02-09 23:00 - 2013-07-20 13:37 - 00000000 ____D C:\WINNT\system32\MRT
2016-02-09 22:32 - 2005-08-18 21:00 - 144254680 _____ (Microsoft Corporation) C:\WINNT\system32\MRT.exe
2016-02-08 15:00 - 2014-03-13 04:42 - 00000212 _____ C:\WINNT\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-02-07 22:02 - 2014-05-21 13:56 - 00000000 ____D C:\Program Files\TomTom HOME 2
2016-02-07 22:01 - 2014-05-21 14:00 - 00000000 ____D C:\Documents and Settings\Fenix\Local Settings\Application Data\Downloaded Installations
2016-02-04 22:05 - 2008-05-04 14:53 - 00000000 ____D C:\Documents and Settings\Fenix
2016-02-03 14:07 - 2010-03-09 01:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-29 13:27 - 2009-10-06 14:50 - 00000000 ____D C:\Documents and Settings\Fenix\Local Settings\Application Data\CutePDF Writer
2016-01-26 02:53 - 2008-05-04 15:04 - 00000000 ____D C:\Documents and Settings\Fenix\Application Data\uTorrent
2016-01-24 11:42 - 2012-08-26 21:11 - 00000000 __HDC C:\WINNT\$NtUninstallKB2655992$
2016-01-24 03:39 - 2014-07-21 23:08 - 00170200 _____ (Malwarebytes) C:\WINNT\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2002-10-18 20:15 - 2008-05-01 09:42 - 0021952 ____H () C:\Program Files\folder.htt
2011-09-11 01:22 - 2011-09-11 01:22 - 0002528 _____ () C:\Documents and Settings\Fenix\Application Data\$_hpcst$.hpc
2013-09-04 04:58 - 2013-09-05 19:10 - 0000552 _____ () C:\Documents and Settings\Fenix\Application Data\AutoGK.ini
2008-05-04 15:13 - 2009-06-06 00:29 - 0000782 _____ () C:\Documents and Settings\Fenix\Application Data\DVDSubEdit.ini
2008-05-04 15:13 - 2009-06-06 00:29 - 0138188 _____ () C:\Documents and Settings\Fenix\Application Data\DVDSubEditLastFile.txt
2008-05-04 15:13 - 2007-09-14 14:20 - 0087608 _____ () C:\Documents and Settings\Fenix\Application Data\inst.exe
2008-05-04 15:07 - 2007-09-14 14:20 - 0007887 _____ () C:\Documents and Settings\Fenix\Application Data\pcouffin.cat
2008-05-04 15:07 - 2007-09-14 14:20 - 0001144 _____ () C:\Documents and Settings\Fenix\Application Data\pcouffin.inf
2008-05-04 15:07 - 2007-09-14 14:21 - 0000097 _____ () C:\Documents and Settings\Fenix\Application Data\pcouffin.log
2008-05-04 15:07 - 2007-09-14 14:20 - 0047360 _____ (VSO Software) C:\Documents and Settings\Fenix\Application Data\pcouffin.sys
2009-11-22 05:04 - 2009-11-22 05:04 - 0005744 _____ () C:\Documents and Settings\Fenix\Application Data\temp23076.txt
2010-03-09 01:28 - 2010-03-09 01:45 - 0011172 ___SH () C:\Documents and Settings\Fenix\Local Settings\Application Data\2hP38sy7qD86M
2010-03-05 09:18 - 2010-03-05 10:20 - 0009638 ___SH () C:\Documents and Settings\Fenix\Local Settings\Application Data\2Y04MW11w
2011-08-14 14:04 - 2012-12-29 13:53 - 0408917 _____ () C:\Documents and Settings\Fenix\Local Settings\Application Data\ars.cache
2011-08-14 14:07 - 2012-12-29 13:54 - 0937535 _____ () C:\Documents and Settings\Fenix\Local Settings\Application Data\census.cache
2008-05-04 15:33 - 2016-01-20 01:31 - 0177664 _____ () C:\Documents and Settings\Fenix\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-28 02:27 - 2009-11-28 02:27 - 0000036 _____ () C:\Documents and Settings\Fenix\Local Settings\Application Data\housecall.guid.cache
2008-11-15 13:06 - 2009-04-11 19:12 - 0000040 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2007-01-09 00:46 - 2010-11-05 20:40 - 0001362 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Fenix\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\jre-8u73-windows-au.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Gryphon\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\Gryphon\Local Settings\Temp\perplex.dll
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-108bd7bc.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-16a65d7b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-179d6278.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1d771570.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-213453fe.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-506e102f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-521d10b8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-529df00.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-52ee4f1b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-5c4a0a22.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-61d2573f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-720b224.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-734886e6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-755c8cad.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-865492c8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8ea55615.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9b53e4cb.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9cc82710.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9ed94759.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a7050972.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a747cec0.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d009e8b4.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d2284dca.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d56fbcb6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d8fbd64d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-de8e5438.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e23b02a5.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f392aeaa.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f78eae68.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\dnsapi.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Fenix (2016-02-04 23:26:35)
Running from C:\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-05-02 11:13:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-484763869-507921405-1343024091-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-484763869-507921405-1343024091-1001 - Limited - Enabled)
Fenix (S-1-5-21-484763869-507921405-1343024091-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Fenix
Griffin (S-1-5-21-484763869-507921405-1343024091-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Griffin
Gryphon (S-1-5-21-484763869-507921405-1343024091-1000 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Gryphon
Guest (S-1-5-21-484763869-507921405-1343024091-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-484763869-507921405-1343024091-1002 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-484763869-507921405-1343024091-1004 - Limited - Disabled)
Unicorn (S-1-5-21-484763869-507921405-1343024091-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Unicorn
UpdatusUser (S-1-5-21-484763869-507921405-1343024091-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee VirusScan Enterprise (Disabled - Out of date) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
1Time ver 2.2 (HKLM\...\1Time ver 2.2_is1) (Version: - )
ABBYY FineReader 5.0 Sprint (HKLM\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.3412 - ABBYY Software House)
AC-3 ACM Codec (HKLM\...\AC3ACM) (Version: - )
Acronis True Image Home (HKLM\...\{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}) (Version: 10.0.4871 - Acronis)
Adobe Acrobat 7.1.1 Professional (HKLM\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.1.1 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Age of Empires III: Complete Collection (HKLM\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Game Studios)
Age of Empires III: Complete Collection (Version: 1.0.0000.1 - Microsoft Game Studios) Hidden
Amazon Cloud Drive (HKLM\...\{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}) (Version: 0.11.12.0 - Amazon.com)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AONI PC Cam (Vimicro301 Neptune) (HKLM\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 1.00.000 - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 9.16.0.30508 - ATI Technologies Inc.)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.512-080703a-066900C-ATI - )
ATI Parental Control & Encoder (Version: 3.0 - ATI Technologies Inc.) Hidden
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.0.0 - Auslogics Labs Pty Ltd)
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
AutoHotkey 1.0.47.02 (HKLM\...\AutoHotkey) (Version: 1.0.47.02 - Chris Mallett)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
Belarc Advisor 6.0 (HKLM\...\Belarc Advisor 2.0) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
BuyPin NFO-Reader (HKLM\...\BuyPin NFO-Reader) (Version: - )
CCE SP Trial Version (HKLM\...\CCE SP Trial Version) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CCScore (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
CloneCD (HKLM\...\CloneCD) (Version: - )
CloneDVD (HKLM\...\CloneDVD) (Version: - Elaborate Bytes)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
Command & Conquer The First Decade (HKLM\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compel Adaptec WinASPI (HKLM\...\Compel install Adaptec WinASPI-4.6.0(1021)_is1) (Version: 4.6.0(1021) - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D2SRoBa 3.60 (HKLM\...\D2SRoBa) (Version: - )
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version: - )
DirectX 8.1 YUV Colour Space Fix (HKLM\...\DX81-YUV-Fix) (Version: - )
DiskCheckup v3.0.1006 (HKLM\...\DiskCheckup_is1) (Version: 3.0.1006 - PassMark Software)
DivX ;-) Audio Compressor 4.02 (HKLM\...\DIVXAudioCompressor4.02) (Version: - )
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
DivX Content Uploader (HKLM\...\{D050D7362D214723AD585B541FFB6C11}) (Version: 1.2.1 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.2.1 - DivX, Inc.)
DivX H.264 Decoder Beta 3 (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 8.1.0 - DivX, Inc.)
DivX H.264 Player Plugin (HKLM\...\{DF1C6F727B034910BEC7B16715E08F94}) (Version: - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.4.3 - DivXNetworks, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.3.1 - DivX,Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVD2SVCD 1.2.2 Build 3 (HKLM\...\DVD2SVCD Software Bundle_is1) (Version: - DVD2SVCD)
DVDFab 6.2.0.5 (11/11/2009) (HKLM\...\DVDFab 6_is1) (Version: - Fengtao Software Inc.)
DVD-lab PRO 2.5 (HKLM\...\DVD-lab PRO 2.5_is1) (Version: - Mediachance)
DVDPlayer (HKLM\...\{05E6FC80-EA9F-11D3-96AC-0050DA2DBBEC}) (Version: - )
EasyRecovery Professional (HKLM\...\InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}) (Version: 6.10.07 - Ontrack Data Recovery, Inc.)
EasyRecovery Professional (Version: 6.10.07 - Ontrack Data Recovery, Inc.) Hidden
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
EndItAll 2.0 (HKLM\...\EndItAll_is1) (Version: 2.0 - Ziff Davis Media, Inc.)
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.1.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
ESSBrwr (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 6.04.0000.0003 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
Exact Audio Copy 0.99pb3 (HKLM\...\Exact Audio Copy) (Version: 0.99pb3 - Andre Wiethoff)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Filelister 2.11 (HKLM\...\Filelister) (Version: 2.11 - True Human Design)
FLAC 1.2.0a (remove only) (HKLM\...\FLAC) (Version: 1.2.0a - Xiph.org)
Free Desktop Timer 1.2 (HKLM\...\Free Desktop Timer_is1) (Version: - Drive Software Company)
GoldWave v5.04 (HKLM\...\GoldWave v5.04) (Version: - )
Google Chrome (HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GooReader (HKLM\...\{A6E618C2-1D75-4809-9874-DAA3270E9F17}) (Version: 3 - GooReader)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version: - )
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6099.6 - IDT)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Indeo® software (HKLM\...\Indeo® software) (Version: - )
InstantCopy (HKLM\...\{9ACEBC7B-4D46-462A-929C-99177EC5BEA6}) (Version: 8.0 - Pinnacle Systems GmbH)
IsoBuster 1.4 (HKLM\...\IsoBuster_is1) (Version: 1.4 - Smart Projects)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
IZArc 3.81 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 3.81 Build 1550 - Ivan Zahariev)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Juno (HKLM\...\{11D696C6-0A0C-499A-B431-6190F9DC1904}) (Version: - Juno Online Services, Inc.)
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
K-Lite Mega Codec Pack 9.5.5 (HKLM\...\KLiteCodecPack_is1) (Version: 9.5.5 - )
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Live Sound Recorder (HKLM\...\Live Sound Recorder_is1) (Version: - MMusic software, Inc.)
MainConcept MPEG Encoder (HKLM\...\InstallShield_{DB10AF3B-E30E-49F9-84AC-26785D689E13}) (Version: 1.4.2.0 - MainConcept AG)
MainConcept MPEG Encoder (Version: 1.4.2.0 - MainConcept AG) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Matrox DVD Player (HKLM\...\{9E4B3200-11E8-11D4-A3E9-0050DA2DBBEC}) (Version: - )
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
MemoriesOnTV 2.0.3 (HKLM\...\MemoriesOnTV_is1) (Version: 2.0.3 - PictureToTV.com)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Combat Flight Simulator (HKLM\...\Combat Flight Simulator 1.00) (Version: - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Global IME for Chinese (Simplified) (HKLM\...\SCAIME) (Version: - )
Microsoft Money 2003 (HKLM\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft)
Microsoft Money 2003 System Pack (HKLM\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Journal Viewer (HKLM\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}) (Version: 1.5.2316.3 - Microsoft)
Microsoft XML Parser and SDK (HKLM\...\{3E908702-AF35-4611-9518-955DA24B7E07}) (Version: 4.10.9406.0 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
MKVtoolnix 2.9.7 (HKLM\...\MKVtoolnix) (Version: 2.9.7 - Moritz Bunkus)
Monkey's Audio (HKLM\...\Monkey's Audio_is1) (Version: - )
Mozilla Firefox 44.0 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
MPEG-VCR (HKLM\...\MPEG-VCR) (Version: MPEG-2 Version 3.14 (06/2004) - Womble Multimedia, Inc.)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MTP Porting Kit (HKLM\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Nero PhotoShow Express (HKLM\...\Nero PhotoShow Express) (Version: 3.0 - Simple Star, Inc.)
netbrdg (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
NewsLeecher v4.0 Final (HKLM\...\NewsLeecher_is1) (Version: - )
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OfotoXMI (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Palm Desktop (HKLM\...\{E89D78B8-28F7-412F-8B26-C684739CBBDC}) (Version: 4.1.0410 - Palm, Inc.)
Par-N-Rar 1.3 (HKLM\...\Par-N-Rar) (Version: 1.3 - MilowSoft)
PictureToTV 1.4.5 (HKLM\...\PictureToTV_is1) (Version: 1.4.5 - PictureToTV.com)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PowerISO (HKLM\...\PowerISO) (Version: - )
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 1.69 (HKLM\...\QuicktimeAlt_is1) (Version: 1.69 - )
rarslave 0.1.9 build 11 BETA (HKLM\...\rarslave_is1) (Version: - filesplit.org)
Read in Microsoft Reader Add-in for Microsoft Word (HKLM\...\{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}) (Version: 1.1.3.1206 - Microsoft Corporation)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
Roxio Backup MyPC Deluxe (HKLM\...\{637099FB-45FD-4BC7-9651-6FB540DBB749}) (Version: 6.0.0 - Roxio)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.97 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Roxio)
Roxio MyDVD (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.1 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.1 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Roxio VideoPack 5.1 FixPack 1 (HKLM\...\{E6FFA046-46CF-4150-956A-30E6ED9BDA23}) (Version: 1.00 - ROXIO)
Sandboxie 3.48 (HKLM\...\Sandboxie) (Version: - )
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Seagate DiscWizard (HKLM\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8326 - Seagate)
SetFileDate 2.0 (HKLM\...\SetFileDate_is1) (Version: - No Nonsense Software)
SFR (Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
SFR2 (Version: 3.03.0000.0002 - EASTMAN KODAK Company) Hidden
SHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 6.04.0000.0004 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Skype Call Recorder (HKLM\...\{31FDDB24-D8FE-456A-8479-5E0526D5EAAF}) (Version: 0.7.2 - Alexander Nikiforov)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
staticcr (Version: 6.04.0000.0005 - EASTMAN KODAK Company) Hidden
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKLM\...\Switch) (Version: - NCH Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TMPGEnc 3.0 XPress (HKLM\...\{D48EAA77-E526-41EB-894C-BD6A17EABD95}) (Version: 3.0.4.24 - Pegasys, Inc.)
TMPGEnc MPEG Editor (HKLM\...\{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}) (Version: 1.0.1.59 - Pegasys, Inc.)
TMPGEnc Plus 2.5 (HKLM\...\InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}) (Version: 2.524.63.181 - Pegasys Inc.)
TMPGEnc Plus 2.5 (Version: 2.524.63.181 - Pegasys Inc.) Hidden
TMPGEnc Sound Player (HKLM\...\{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}) (Version: 1.0.2.9 - Pegasys Inc.)
TomTom HOME (HKLM\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
tooltips (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
TreeSize Free V2.4 (HKLM\...\TreeSize Free_is1) (Version: 2.4 - JAM Software)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
Ulead CD & DVD PictureShow 4 Trial (HKLM\...\{1F6199F9-9BED-4B43-9E5C-8495086EE714}) (Version: 4.0 - Ulead Systems)
Ulead DVD MovieFactory (HKLM\...\{85F49DC5-81F1-11D5-B626-0010B5557563}) (Version: - )
Ulead DVD PictureShow (HKLM\...\{F4CC121F-9F45-47E8-A6CF-AF445372FE4A}) (Version: - Ulead System)
Ulead DVD PictureShow 2 Trial (HKLM\...\{A9212616-FCA2-4173-BD99-5C741EB3A068}) (Version: 2.00.1300 - Ulead Systems, Inc.)
Ulead DVD Plug-in (HKLM\...\{14ED5180-00DC-11D5-A44A-0000E86D2305}) (Version: - )
Ulead DVD Workshop (HKLM\...\{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CB0}) (Version: - )
Ulead MediaStudio Pro 6.5 Trial (remove only) (HKLM\...\{99BF44DF-1181-11D5-B627-0010B5557563}) (Version: - )
Uninstall MPEG2 Plugin (HKLM\...\MemoriesOnTV Mpeg2 Plugin_is1) (Version: 2.00 - PictureToTV.com)
Uninstall SVCD Plugin (HKLM\...\PictureToTV SVCD Plugin_is1) (Version: 1.00 - PictureToTV.com)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
UnlockMe (HKLM\...\{AB697312-5590-4543-A045-286F8C5004F1}) (Version: 1.0.0 - Camtech)
Update Rollup 1 for Windows 2000 SP4 (HKLM\...\Update Rollup 1) (Version: 20050602.215753 - Microsoft Corporation)
USB-IrDA Adapter (HKLM\...\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}) (Version: - )
User Profile Hive Cleanup Service (HKLM\...\{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}) (Version: 1.6.30 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Virtual VCR (HKLM\...\{14F06853-8A15-4731-BBDC-C9B40A866A63}) (Version: - www.digtv.ws)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version: - )
VPRINTOL (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.581 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell™ 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.95 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}) (Version: 5.2.95 - Microsoft)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinISO 5.3 (HKLM\...\WinISO_is1) (Version: - WinISO Computing Inc.)
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: - )
WIRELESS (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
XPS Essentials Pack (HKLM\...\{6A69D94E-C569-4154-9643-72E94D1DDFDA}) (Version: 1.0.6000 - Microsoft Corporation)
XPS Essentials Pack 1.0 (Version: - Microsoft Corporation) Hidden
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{164A4365-064D-494D-92C8-9303A5080157}\InprocServer32 -> C:\Program Files\palmOne\SgCalendar.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PictPreview.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Photos.ocx (Palm, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\GoogleUpdat (the data entry has 25 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}\InprocServer32 -> C:\Program Files\palmOne\SgDateAlarm.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\GoogleUpdat (the data entry has 25 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{3193996D-1AC8-11D4-80CC-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\AlarmSvr.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}\InprocServer32 -> C:\Program Files\palmOne\SgCalendar.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Photos.ocx (Palm, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{44D93876-1803-5C3B-C316-2F113CBFDA84}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\GoogleUpdat (the data entry has 25 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\DefaultPlugin.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}\InprocServer32 -> C:\Program Files\palmOne\SgDateAlarm.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{72440244-25C1-11D4-80D7-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\AlarmApp.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{7433EB64-25C1-11D4-80D7-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\AlarmApp.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{74531205-74DC-48FF-953B-3B6DC988424F}\InprocServer32 -> C:\Program Files\palmOne\VoiceMemoExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{74A3F9EA-25C1-11D4-80D7-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\AlarmApp.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{7686FC59-EA6F-11D5-823E-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\InstServ.dll (Palm, Inc)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}\InprocServer32 -> C:\Program Files\palmOne\SgContacts.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{831B49E8-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\ExpenseExt.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{831B49E9-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\ExpenseExt.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{8DEBF92B-1EC4-11D4-80D0-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\AlarmApp.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}\InprocServer32 -> C:\Program Files\palmOne\SgMemos.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{9D3B3E2B-1789-4A83-8050-5ED8307B02E5}\InprocServer32 -> C:\Program Files\palmOne\VoiceMemoExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}\InprocServer32 -> C:\Program Files\palmOne\SgTasks.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}\InprocServer32 -> C:\Program Files\palmOne\SgMemos.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{BE44897A-EB38-11D5-823F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\RegServ.dll ()
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}\InprocServer32 -> C:\Program Files\palmOne\SgTasks.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}\InprocServer32 -> C:\Program Files\palmOne\SgContacts.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpda (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpda (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\Program Files\PalmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\GoogleUpdat (the data entry has 25 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{EACEB807-2AB5-11D4-88DE-00C0F05ABB4B}\localserver32 -> C:\Program Files\PalmOne\AlarmApp.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> C:\Program Files\palmOne\Components\DelDups.dll ( palmOne, Inc)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll => (the data entry has 8 more characters).

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINNT\Tasks\Adobe Flash Player Updater.job => C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINNT\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-507921405-1343024091-1007Core.job => C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-507921405-1343024091-1007UA.job => C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINNT\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINNT\system32\xp_eos.exe
Task: C:\WINNT\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINNT\system32\xp_eos.exe
Task: C:\WINNT\Tasks\OGALogon.job => C:\WINNT\system32\OGAEXEC.exe
Task: C:\WINNT\Tasks\switchShakeIcon.job => C:\Program Files\NCH Software\Switch\switch.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\DVD2SVCD Software bundle\Run DVD2SVCD Batch File.lnk -> C:\Program Files\DVD2SVCD\dvd2svcd batch.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-11-20 15:33 - 2013-10-23 15:23 - 00089136 _____ () C:\WINNT\system32\cpwmon2k.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-30 06:37 - 2014-04-30 06:37 - 00854016 _____ () C:\WINNT\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-04-30 06:37 - 2014-04-30 06:37 - 00476520 _____ () C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2007-12-19 10:28 - 2006-11-17 12:41 - 00120384 _____ () C:\Program Files\McAfee\Common Framework\naXML71.dll
2007-12-19 10:28 - 2006-11-17 12:39 - 00071232 _____ () C:\Program Files\McAfee\Common Framework\NaiSign.DLL
2006-11-30 07:50 - 2006-11-30 07:50 - 00149080 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2014-09-29 02:37 - 2002-11-26 12:43 - 00106496 ____N () C:\WINNT\system32\BrMuSNMP.dll
2004-08-03 16:56 - 2008-04-13 18:11 - 00014336 _____ () C:\WINNT\system32\msdmo.dll
2004-08-03 16:56 - 2008-04-13 18:11 - 00059904 _____ () C:\WINNT\System32\devenum.dll
2006-10-16 19:49 - 2006-10-16 19:49 - 00050720 _____ () C:\Program Files\Common Files\Acronis\Common\gc.dll
2008-06-27 15:13 - 2008-06-27 15:13 - 01328408 _____ () C:\Program Files\Maxtor\MaxBlast\fox.dll
2015-12-03 22:43 - 2015-04-08 18:35 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2007-09-19 02:43 - 2008-05-24 20:15 - 00338944 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Kfx.dll
2007-09-19 02:41 - 2008-05-24 20:15 - 00257536 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
2007-09-19 02:39 - 2008-05-24 20:15 - 00343552 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
2006-12-06 20:19 - 2008-05-24 20:15 - 00013824 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\MEshim.dll
2007-09-19 02:39 - 2008-05-24 20:15 - 00233472 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2007-09-19 02:56 - 2008-05-24 20:15 - 00231424 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2007-09-19 02:36 - 2008-05-24 20:15 - 00086016 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2007-09-19 02:56 - 2008-05-24 20:15 - 00077312 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2007-09-19 02:33 - 2008-05-24 20:15 - 00062464 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 08:05 - 2008-05-24 20:15 - 01564672 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2007-09-19 03:06 - 2008-05-24 20:15 - 00675840 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2007-09-19 02:43 - 2008-05-24 20:15 - 00084480 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
2007-09-19 02:36 - 2008-05-24 20:15 - 00114176 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
2007-09-19 03:00 - 2008-05-24 20:15 - 01064448 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2006-12-20 13:32 - 2008-05-24 20:15 - 00770048 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll
2006-12-20 13:32 - 2008-05-24 20:15 - 00835584 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll
2006-12-21 09:47 - 2008-05-24 20:15 - 00430080 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll
2006-12-21 09:48 - 2008-05-24 20:15 - 00495616 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll
2006-12-21 09:48 - 2008-05-24 20:15 - 00786432 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll
2006-12-21 09:47 - 2008-05-24 20:15 - 02052096 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll
2007-02-12 07:54 - 2008-05-24 20:15 - 01339392 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll
2007-09-19 02:38 - 2008-05-24 20:15 - 00117760 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2007-09-19 02:56 - 2008-05-24 20:15 - 00172032 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
2007-09-19 02:53 - 2008-05-24 20:15 - 00052224 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2007-09-19 02:53 - 2008-05-24 20:15 - 00143360 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2007-09-19 02:36 - 2008-05-24 20:15 - 00082432 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2007-09-19 00:59 - 2008-05-24 20:15 - 00010240 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2007-09-19 03:16 - 2008-05-24 20:15 - 00339968 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2007-09-19 03:04 - 2008-05-24 20:15 - 00096256 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2007-09-19 03:06 - 2008-05-24 20:15 - 00307200 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2007-09-19 02:55 - 2008-05-24 20:15 - 00688128 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2007-09-19 03:15 - 2008-05-24 20:15 - 00466944 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
2007-09-19 02:37 - 2008-05-24 20:15 - 00044544 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2004-08-03 16:56 - 2013-01-02 00:49 - 01292288 _____ () C:\WINNT\system32\quartz.dll
2013-03-27 23:11 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-03-27 23:11 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2010-11-05 08:38 - 2006-05-16 20:33 - 02002944 _____ () C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\Common\AdobePDFMakerX.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINNT:A26B22EFAAE52D4E

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7753 more sites.


There are 4097 more sites.


There are 4097 more sites.

IE trusted site: HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\intuit.com -> hxxps://ttlc.intuit.com

There are 7941 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

1999-12-07 11:00 - 2012-02-09 00:05 - 00441322 ____R C:\WINNT\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 15160 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-484763869-507921405-1343024091-1007\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\rapimgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\wcescomm.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe] => Enabled:EasyShare
StandardProfile\AuthorizedApplications: [C:\Program Files\Juno\bin\juno.exe] => Enabled:Juno
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Download\Utilities\BitTorrent Clients\uTorrent\utorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe] => Enabled:Veoh Web Player
StandardProfile\AuthorizedApplications: [C:\WINNT\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\WINNT\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Games\Age of Empires III\age3.exe] => Enabled:Age of Empires III: Complete Collection
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe] => Enabled:Age of Empires III: Complete Collection
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe] => Enabled:Age of Empires III: Complete Collection
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe] => Enabled:Age of Empires III: Complete Collection
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe] => Enabled:Age of Empires III: Complete Collection
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe] => Enabled:Age of Empires III: Complete Collection
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe] => Enabled:Age of Empires III: Complete Collection
StandardProfile\AuthorizedApplications: [C:\Program Files\McAfee\Common Framework\FrameworkService.exe] => Enabled:Framework Service
StandardProfile\AuthorizedApplications: [C:\Program Files\InterVideo\WinDVD4PR\WinDVD.exe] => Enabled:WinDVD
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\rapimgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\wcescomm.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\SkypeCallRecorder\SkypeCallRecorder.exe] => Enabled:SkypeCallRecorder
StandardProfile\AuthorizedApplications: [C:\dell\drivers\R96135\Upgrade.exe] => Enabled:Upgrade
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Fenix\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Brother\Brmfl07b\FAXRX.exe] => Enabled:FAXRX.EXE
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe] => Enabled:NVIDIA Network Service TCP Exception (HTTPS)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [26675:TCP] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [26675:TCP] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
StandardProfile\GloballyOpenPorts: [54925:UDP] => Enabled:Brother Network Scanner

==================== Restore Points =========================

08-01-2016 14:33:39 System Checkpoint
09-01-2016 12:56:50 System Checkpoint
10-01-2016 13:32:05 System Checkpoint
11-01-2016 15:29:11 System Checkpoint
12-01-2016 23:31:28 Software Distribution Service 3.0
14-01-2016 01:56:35 System Checkpoint
15-01-2016 02:03:05 System Checkpoint
16-01-2016 13:58:30 System Checkpoint
18-01-2016 01:45:52 System Checkpoint
19-01-2016 19:21:38 System Checkpoint
21-01-2016 01:46:18 System Checkpoint
22-01-2016 01:53:20 System Checkpoint
23-01-2016 04:18:05 System Checkpoint
24-01-2016 07:43:34 System Checkpoint
25-01-2016 07:47:08 System Checkpoint
26-01-2016 13:39:51 System Checkpoint
28-01-2016 02:12:04 System Checkpoint
29-01-2016 03:06:32 System Checkpoint
30-01-2016 09:02:21 System Checkpoint
31-01-2016 14:55:29 System Checkpoint
02-02-2016 00:57:59 System Checkpoint
03-02-2016 01:49:36 System Checkpoint
04-02-2016 04:58:02 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2016 12:24:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avscan.exe, version 15.0.15.122, faulting module , version 15.0.15.122, fault address 0x0006e8a0.
Processing media-specific event for [avscan.exe!ws!]

Error: (02/01/2016 12:23:50 AM) (Source: VSS) (EventID: 5013) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80080005 (converted to 0x800423f4).

Error: (02/01/2016 12:13:29 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{e99bd7d3-0dd7-11e1-a40c-001e90858ca1},0xc0000000,0x00000003,...). hr = 0x80070005.

Error: (02/01/2016 12:13:29 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{f51ed3d6-a3da-11e4-9cf8-806d6172696f},0xc0000000,0x00000003,...). hr = 0x80070005.

Error: (02/01/2016 12:13:24 AM) (Source: MSDTC) (EventID: 4112) (User: )
Description: Could not start the MS DTC Transaction Manager.

Error: (02/01/2016 12:13:24 AM) (Source: MSDTC) (EventID: 4185) (User: )
Description: MS DTC Transaction Manager start failed. LogInit returned error 0x5.

Error: (02/01/2016 12:13:24 AM) (Source: MSDTC) (EventID: 4163) (User: )
Description: MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

Error: (01/30/2016 07:05:57 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.5276.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/29/2016 05:01:10 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 409773071.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (01/29/2016 05:00:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avscan.exe, version 15.0.15.122, faulting module avscan.exe, version 15.0.15.122, fault address 0x0006e8a0.
Processing media-specific event for [avscan.exe!ws!]


System errors:
=============
Error: (02/04/2016 10:11:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mfetdik

Error: (02/04/2016 10:11:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The IPv6 Helper Service service hung on starting.

Error: (02/04/2016 10:09:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Seagate Scheduler2 Service service terminated with the following error:
%%1740

Error: (02/04/2016 10:09:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Pinnacle WDM PCTV Video Capture service failed to start due to the following error:
%%1058

Error: (02/04/2016 10:09:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Pinnacle WDM PCTV Audio Capture service failed to start due to the following error:
%%1058

Error: (02/04/2016 10:09:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hardlock service failed to start due to the following error:
%%1117

Error: (02/04/2016 10:09:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/04/2016 10:09:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (02/04/2016 10:09:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Conexant's BtPCI WDM Video Capture service failed to start due to the following error:
%%1058

Error: (02/04/2016 10:08:33 PM) (Source: 0) (EventID: 10270) (User: )
Description:


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 48%
Total physical RAM: 3455.23 MB
Available physical RAM: 1785.2 MB
Total Virtual: 6746.07 MB
Available Virtual: 4935.02 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:298.09 GB) (Free:30.18 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:114.49 GB) (Free:5.89 GB) NTFS
Drive l: (2GB_BLK_DRV) (Removable) (Total:1.97 GB) (Free:1.1 GB) FAT
Drive m: (1GB_PNY) (Removable) (Total:0.93 GB) (Free:0.05 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: CAABCAAB)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 114.5 GB) (Disk ID: 00143B91)
Partition 1: (Active) - (Size=114.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

========================================================
Disk: 4 (Size: 953.5 MB) (Disk ID: 37423741)
Partition 1: (Active) - (Size=953 MB) - (Type=0E)

==================== End of Addition.txt ============================


Edited by Oh My!, 20 February 2016 - 11:59 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • Gender:Male
  • Location:California
  • Local time:05:30 AM

Posted 21 February 2016 - 12:24 AM

Greetings Zhang Fei and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-484763869-507921405-1343024091-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKU\S-1-5-21-484763869-507921405-1343024091-1007 -> No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-484763869-507921405-1343024091-1007: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-484763869-507921405-1343024091-1007: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Firefox\Extensions: [{86D92CB0-3EB2-4979-AD43-DF0341807D7F}] - C:\Program Files\Copernic Desktop Search 2\FirefoxToolbar => not found
CHR Plugin: (Native Client) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINNT\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => No File
CHR Plugin: (Shockwave for Director) - C:\WINNT\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll => No File
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S4 aic116x; no ImagePath
S4 ami0nt; no ImagePath
S4 BusLogic; no ImagePath
S0 c2scsi; System32\DRIVERS\c2scsi.sys [X]
U4 Cdr4vsd; no ImagePath
S3 cmuda; system32\drivers\cmuda.sys [X]
S4 cpqarry2; no ImagePath
S4 cpqfcalm; no ImagePath
S4 cpqfws2e; no ImagePath
S4 deckzpsx; no ImagePath
S4 EFS; no ImagePath
S4 Fd16_700; no ImagePath
S4 fireport; no ImagePath
S4 flashpnt; no ImagePath
S4 IntelIde; no ImagePath
S4 ipsraidn; no ImagePath
S4 lp6nds35; no ImagePath
S3 MEMSWEEP2; \??\C:\WINNT\system32\151.tmp [X]
S3 MTK; System32\Drivers\fide.sys [X]
S4 Nbf; System32\DRIVERS\nbf.sys [X]
S4 Ncrc710; no ImagePath
S3 ossrv; system32\drivers\ctoss2k.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S4 Parallel; System32\DRIVERS\parallel.sys [X]
S4 ql2100; no ImagePath
S3 rtl8139; System32\DRIVERS\RTL8139.SYS [X]
U2 SchedulingAgent; no ImagePath
S3 SISNIC; system32\DRIVERS\sisnic.sys [X]
S3 smc8000n; system32\DRIVERS\smc8000n.sys [X]
S3 TESTCAP; System32\DRIVERS\PCTVAud.sys [X]
S1 tga; no ImagePath
S3 UCORESYS; \??\C:\Downloads\A74M0315\UCORESYS.SYS [X]
S4 ultra66; no ImagePath
S3 vvftav303; system32\drivers\vvftav303.sys [X]
2010-03-09 01:28 - 2010-03-09 01:45 - 0011172 ___SH () C:\Documents and Settings\Fenix\Local Settings\Application Data\2hP38sy7qD86M
2010-03-05 09:18 - 2010-03-05 10:20 - 0009638 ___SH () C:\Documents and Settings\Fenix\Local Settings\Application Data\2Y04MW11w
C:\Documents and Settings\Administrator\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Fenix\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\jre-8u73-windows-au.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Gryphon\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\Gryphon\Local Settings\Temp\perplex.dll
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-108bd7bc.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-16a65d7b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-179d6278.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1d771570.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-213453fe.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-506e102f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-521d10b8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-529df00.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-52ee4f1b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-5c4a0a22.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-61d2573f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-720b224.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-734886e6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-755c8cad.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-865492c8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8ea55615.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9b53e4cb.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9cc82710.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9ed94759.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a7050972.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a747cec0.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d009e8b4.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d2284dca.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d56fbcb6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d8fbd64d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-de8e5438.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e23b02a5.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f392aeaa.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f78eae68.exe
.CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{44D93876-1803-5C3B-C316-2F113CBFDA84}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> no filepath
AlternateDataStreams: C:\WINNT:A26B22EFAAE52D4E
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:

Do a Deep Scan
Auto Clean

  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • Zoek log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

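The fixlist in the post above repeats one ShortcutTarget line three times and has a CustomCLSID line that begins with a stray period. The following pre-flight check for a fixlist.txt is an added example, not part of the original post and not part of FRST; the line shapes it recognizes are inferred only from the fixlist on this page and are an assumption, not FRST's grammar.

```python
import re

# Line shapes inferred from the fixlist on this page only (an assumption;
# this is not FRST's grammar, and FRST accepts more than this).
DIRECTIVES = ("CreateRestorePoint:", "CloseProcesses:")
ENTRY_PREFIXES = (
    "ShortcutTarget:", "SearchScopes:", "BHO:", "Toolbar:", "FF Plugin",
    "FF HKU", "CHR Plugin:", "CustomCLSID:", "AlternateDataStreams:",
)
SERVICE_RE = re.compile(r"^[SRU][0-5] \S+; ")          # e.g. "S3 name; path [X]"
FILE_LISTING_RE = re.compile(                           # "created - modified - size attrs () path"
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r" - \d+ \S+ \(.*?\) [A-Za-z]:\\"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")                   # bare file path
LEADING_JUNK_RE = re.compile(r"^[^A-Za-z0-9]+")

# Excerpt of the fixlist posted above, shortened to one line per shape.
SAMPLE = r"""CreateRestorePoint:
CloseProcesses:
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
S3 MEMSWEEP2; \??\C:\WINNT\system32\151.tmp [X]
2010-03-05 09:18 - 2010-03-05 10:20 - 0009638 ___SH () C:\Documents and Settings\Fenix\Local Settings\Application Data\2Y04MW11w
C:\Documents and Settings\Gryphon\Local Settings\Temp\perplex.dll
.CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> no filepath
AlternateDataStreams: C:\WINNT:A26B22EFAAE52D4E
"""


def classify(line):
    """Return the shape of one fixlist line, or None if it matches none."""
    if line in DIRECTIVES:
        return "directive"
    if line.startswith(ENTRY_PREFIXES):
        return "entry"
    if SERVICE_RE.match(line):
        return "service"
    if FILE_LISTING_RE.match(line):
        return "file-listing"
    if PATH_RE.match(line):
        return "path"
    return None


def lint_fixlist(text):
    """Return (line number, kind, message) for each line worth a second look."""
    findings = []
    first_seen = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line in first_seen:
            findings.append((lineno, "duplicate", f"same as line {first_seen[line]}"))
            continue
        first_seen[line] = lineno
        if classify(line) is not None:
            continue
        # Unrecognized: check whether only leading punctuation is in the way.
        trimmed = LEADING_JUNK_RE.sub("", line)
        if trimmed != line and classify(trimmed) is not None:
            junk = line[: len(line) - len(trimmed)]
            findings.append(
                (lineno, "stray-prefix", f"starts with {junk!r} before a recognized entry")
            )
        else:
            findings.append((lineno, "unrecognized", "matches no known line shape"))
    return findings


if __name__ == "__main__":
    for lineno, kind, message in lint_fixlist(SAMPLE):
        print(f"line {lineno}: {kind}: {message}")
```

In the Fixlog posted in the reply below, the entry written with the leading period is the only one reported as "key could not remove".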
#3 Zhang Fei

Posted 22 February 2016 - 11:52 PM

Two hours ago, I created the fixlist.txt file on my Desktop with the recommended text, ran FRST and clicked on "fix". The dark blue status indicator consisting of 5 consecutive horizontal blocks is progressing from left to right, having completed at least one trip from left to right. My computer is frozen, apart from FRST's "fix" command. How long should FRST be taking to do this?
 
Update: After just less than 4 hours, FRST completed the fix. I have attached the fixlog.txt file. FYI, the computer froze up completely after the fix. I needed to force a power down using the power switch in order to shut down.
 
Combofix created log.txt, which I've attached.
 
Thanks for your kind assistance.

Fix result of Farbar Recovery Scan Tool (x86) Version:20-02-2016
Ran by Fenix (2016-02-22 20:32:33) Run:1
Running from C:\Documents and Settings\Fenix\Desktop
Loaded Profiles: Griffin & Fenix & Unicorn & Administrator & (Available Profiles: Gryphon & Griffin & Fenix & Unicorn & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
ShortcutTarget: Registration-InstantCopy.lnk -> C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (No File)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-484763869-507921405-1343024091-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKU\S-1-5-21-484763869-507921405-1343024091-1007 -> No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-484763869-507921405-1343024091-1007: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-484763869-507921405-1343024091-1007: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF HKU\S-1-5-21-484763869-507921405-1343024091-1007\...\Firefox\Extensions: [{86D92CB0-3EB2-4979-AD43-DF0341807D7F}] - C:\Program Files\Copernic Desktop Search 2\FirefoxToolbar => not found
CHR Plugin: (Native Client) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINNT\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => No File
CHR Plugin: (Shockwave for Director) - C:\WINNT\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll => No File
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S4 aic116x; no ImagePath
S4 ami0nt; no ImagePath
S4 BusLogic; no ImagePath
S0 c2scsi; System32\DRIVERS\c2scsi.sys [X]
U4 Cdr4vsd; no ImagePath
S3 cmuda; system32\drivers\cmuda.sys [X]
S4 cpqarry2; no ImagePath
S4 cpqfcalm; no ImagePath
S4 cpqfws2e; no ImagePath
S4 deckzpsx; no ImagePath
S4 EFS; no ImagePath
S4 Fd16_700; no ImagePath
S4 fireport; no ImagePath
S4 flashpnt; no ImagePath
S4 IntelIde; no ImagePath
S4 ipsraidn; no ImagePath
S4 lp6nds35; no ImagePath
S3 MEMSWEEP2; \??\C:\WINNT\system32\151.tmp [X]
S3 MTK; System32\Drivers\fide.sys [X]
S4 Nbf; System32\DRIVERS\nbf.sys [X]
S4 Ncrc710; no ImagePath
S3 ossrv; system32\drivers\ctoss2k.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S4 Parallel; System32\DRIVERS\parallel.sys [X]
S4 ql2100; no ImagePath
S3 rtl8139; System32\DRIVERS\RTL8139.SYS [X]
U2 SchedulingAgent; no ImagePath
S3 SISNIC; system32\DRIVERS\sisnic.sys [X]
S3 smc8000n; system32\DRIVERS\smc8000n.sys [X]
S3 TESTCAP; System32\DRIVERS\PCTVAud.sys [X]
S1 tga; no ImagePath
S3 UCORESYS; \??\C:\Downloads\A74M0315\UCORESYS.SYS [X]
S4 ultra66; no ImagePath
S3 vvftav303; system32\drivers\vvftav303.sys [X]
2010-03-09 01:28 - 2010-03-09 01:45 - 0011172 ___SH () C:\Documents and Settings\Fenix\Local Settings\Application Data\2hP38sy7qD86M
2010-03-05 09:18 - 2010-03-05 10:20 - 0009638 ___SH () C:\Documents and Settings\Fenix\Local Settings\Application Data\2Y04MW11w
C:\Documents and Settings\Administrator\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Fenix\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\jre-8u73-windows-au.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Fenix\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Gryphon\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\Gryphon\Local Settings\Temp\perplex.dll
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-108bd7bc.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-16a65d7b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-179d6278.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1d771570.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-213453fe.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-506e102f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-521d10b8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-529df00.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-52ee4f1b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-5c4a0a22.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-61d2573f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-720b224.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-734886e6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-755c8cad.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-865492c8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8ea55615.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9b53e4cb.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9cc82710.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9ed94759.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a7050972.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a747cec0.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d009e8b4.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d2284dca.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d56fbcb6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d8fbd64d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-de8e5438.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e23b02a5.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f392aeaa.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f78eae68.exe
.CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{44D93876-1803-5C3B-C316-2F113CBFDA84}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> no filepath
AlternateDataStreams: C:\WINNT:A26B22EFAAE52D4E
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe => not found.
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe => not found.
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-484763869-507921405-1343024091-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}" => key removed successfully.
HKCR\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} => key not found.
HKU\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{968631B6-4729-440D-9BF4-251F5593EC9A} => value removed successfully.
HKCR\CLSID\{968631B6-4729-440D-9BF4-251F5593EC9A} => key not found.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully.
"HKU\S-1-5-21-484763869-507921405-1343024091-1007\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully.
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-484763869-507921405-1343024091-1007\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully.
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll => not found.
HKU\S-1-5-21-484763869-507921405-1343024091-1007\Software\Mozilla\Firefox\Extensions\\{86D92CB0-3EB2-4979-AD43-DF0341807D7F} => value removed successfully.
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => not found.
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\pdf.dll => not found.
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => not found.
C:\WINNT\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => not found.
C:\WINNT\system32\Adobe\Director\np32dsw.dll => not found.
c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll => not found.
Avira.ServiceHost => service removed successfully.
aic116x => service removed successfully.
ami0nt => service removed successfully.
BusLogic => service removed successfully.
c2scsi => service removed successfully.
Cdr4vsd => service removed successfully.
cmuda => service removed successfully.
cpqarry2 => service removed successfully.
cpqfcalm => service removed successfully.
cpqfws2e => service removed successfully.
deckzpsx => service removed successfully.
EFS => service removed successfully.
Fd16_700 => service removed successfully.
fireport => service removed successfully.
flashpnt => service removed successfully.
IntelIde => service removed successfully.
ipsraidn => service removed successfully.
lp6nds35 => service removed successfully.
MEMSWEEP2 => service removed successfully.
MTK => service removed successfully.
Nbf => service removed successfully.
Ncrc710 => service removed successfully.
ossrv => service removed successfully.
PalmUSBD => service removed successfully.
Parallel => service removed successfully.
ql2100 => service removed successfully.
rtl8139 => service removed successfully.
SchedulingAgent => service removed successfully.
SISNIC => service removed successfully.
smc8000n => service removed successfully.
TESTCAP => service removed successfully.
tga => service removed successfully.
UCORESYS => service removed successfully.
ultra66 => service removed successfully.
vvftav303 => service removed successfully.
C:\Documents and Settings\Fenix\Local Settings\Application Data\2hP38sy7qD86M => moved successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\2Y04MW11w => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\AskSLib.dll => moved successfully
C:\Documents and Settings\Fenix\Local Settings\Temp\avgnt.exe => moved successfully
C:\Documents and Settings\Fenix\Local Settings\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Documents and Settings\Fenix\Local Settings\Temp\SkypeSetup.exe => moved successfully
C:\Documents and Settings\Fenix\Local Settings\Temp\sqlite3.dll => moved successfully
C:\Documents and Settings\Gryphon\Local Settings\Temp\IadHide5.dll => moved successfully
C:\Documents and Settings\Gryphon\Local Settings\Temp\perplex.dll => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-108bd7bc.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-16a65d7b.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-179d6278.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1d771570.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-213453fe.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-506e102f.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-521d10b8.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-529df00.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-52ee4f1b.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-5c4a0a22.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-61d2573f.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-720b224.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-734886e6.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-755c8cad.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-865492c8.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8ea55615.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9b53e4cb.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9cc82710.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-9ed94759.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a7050972.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a747cec0.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d009e8b4.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d2284dca.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d56fbcb6.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d8fbd64d.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-de8e5438.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e23b02a5.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f392aeaa.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f78eae68.exe => moved successfully
.HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB} => key could not remove. ErrorCode: 0xC000003B
"HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => key removed successfully.
"HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{44D93876-1803-5C3B-C316-2F113CBFDA84}" => key removed successfully.
"HKU\S-1-5-21-484763869-507921405-1343024091-1007_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => key removed successfully.
C:\WINNT => ":A26B22EFAAE52D4E" ADS removed successfully..


The system needed a reboot.

==== End of Fixlog 00:06:11 ====

ComboFix 16-02-23.01 - Fenix 02/23/2016 1:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.1617 [GMT -6:00]
Running from: c:\downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\DVDSubEditLastFile.txt
c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\Application Data\Microsoft\AddIns\WordRMRComAddin.dll
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\Fenix\Application Data\DVDSubEditLastFile.txt
c:\documents and settings\Fenix\Application Data\Microsoft\AddIns\WordRMRComAddin.dll
c:\documents and settings\Fenix\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Fenix\WINDOWS
c:\documents and settings\Griffin\Application Data\DVDSubEditLastFile.txt
c:\documents and settings\Griffin\Application Data\inst.exe
c:\documents and settings\Griffin\Application Data\Microsoft\AddIns\WordRMRComAddin.dll
c:\documents and settings\Unicorn\Application Data\DVDSubEditLastFile.txt
c:\documents and settings\Unicorn\Application Data\inst.exe
c:\documents and settings\Unicorn\Application Data\Microsoft\AddIns\WordRMRComAddin.dll
c:\winnt\$msi31uninstall_kb893803v2$
c:\winnt\$msi31uninstall_kb893803v2$\msi.dll
c:\winnt\$msi31uninstall_kb893803v2$\msiexec.exe
c:\winnt\$msi31uninstall_kb893803v2$\msihnd.dll
c:\winnt\$msi31uninstall_kb893803v2$\msimsg.dll
c:\winnt\$msi31uninstall_kb893803v2$\msisip.dll
c:\winnt\$msi31uninstall_kb893803v2$\reg00003
c:\winnt\$msi31uninstall_kb893803v2$\reg00004
c:\winnt\$msi31uninstall_kb893803v2$\reg00005
c:\winnt\$msi31uninstall_kb893803v2$\reg00006
c:\winnt\$msi31uninstall_kb893803v2$\reg00007
c:\winnt\$msi31uninstall_kb893803v2$\reg00008
c:\winnt\$msi31uninstall_kb893803v2$\reg00009
c:\winnt\$msi31uninstall_kb893803v2$\reg00010
c:\winnt\$msi31uninstall_kb893803v2$\reg00011
c:\winnt\$msi31uninstall_kb893803v2$\reg00012
c:\winnt\$msi31uninstall_kb893803v2$\reg00013
c:\winnt\$msi31uninstall_kb893803v2$\reg00014
c:\winnt\$msi31uninstall_kb893803v2$\reg00015
c:\winnt\$msi31uninstall_kb893803v2$\reg00016
c:\winnt\$msi31uninstall_kb893803v2$\reg00017
c:\winnt\$msi31uninstall_kb893803v2$\reg00018
c:\winnt\$msi31uninstall_kb893803v2$\reg00019
c:\winnt\$msi31uninstall_kb893803v2$\reg00020
c:\winnt\$msi31uninstall_kb893803v2$\reg00021
c:\winnt\$msi31uninstall_kb893803v2$\reg00022
c:\winnt\$msi31uninstall_kb893803v2$\reg00023
c:\winnt\$msi31uninstall_kb893803v2$\reg00024
c:\winnt\$msi31uninstall_kb893803v2$\reg00025
c:\winnt\$msi31uninstall_kb893803v2$\reg00026
c:\winnt\$msi31uninstall_kb893803v2$\reg00027
c:\winnt\$msi31uninstall_kb893803v2$\reg00028
c:\winnt\$msi31uninstall_kb893803v2$\reg00029
c:\winnt\$msi31uninstall_kb893803v2$\reg00030
c:\winnt\$msi31uninstall_kb893803v2$\reg00031
c:\winnt\$msi31uninstall_kb893803v2$\reg00032
c:\winnt\$msi31uninstall_kb893803v2$\reg00033
c:\winnt\$msi31uninstall_kb893803v2$\reg00034
c:\winnt\$msi31uninstall_kb893803v2$\reg00035
c:\winnt\$msi31uninstall_kb893803v2$\reg00036
c:\winnt\$msi31uninstall_kb893803v2$\reg00037
c:\winnt\$msi31uninstall_kb893803v2$\reg00038
c:\winnt\$msi31uninstall_kb893803v2$\reg00039
c:\winnt\$msi31uninstall_kb893803v2$\reg00040
c:\winnt\$msi31uninstall_kb893803v2$\reg00041
c:\winnt\$msi31uninstall_kb893803v2$\reg00042
c:\winnt\$msi31uninstall_kb893803v2$\reg00043
c:\winnt\$msi31uninstall_kb893803v2$\reg00044
c:\winnt\$msi31uninstall_kb893803v2$\reg00045
c:\winnt\$msi31uninstall_kb893803v2$\reg00046
c:\winnt\$msi31uninstall_kb893803v2$\reg00047
c:\winnt\$msi31uninstall_kb893803v2$\reg00048
c:\winnt\$msi31uninstall_kb893803v2$\reg00051
c:\winnt\$msi31uninstall_kb893803v2$\reg00052
c:\winnt\$msi31uninstall_kb893803v2$\reg00053
c:\winnt\$msi31uninstall_kb893803v2$\reg00054
c:\winnt\$msi31uninstall_kb893803v2$\reg00055
c:\winnt\$msi31uninstall_kb893803v2$\reg00056
c:\winnt\$msi31uninstall_kb893803v2$\reg00057
c:\winnt\$msi31uninstall_kb893803v2$\reg00058
c:\winnt\$msi31uninstall_kb893803v2$\reg00059
c:\winnt\$msi31uninstall_kb893803v2$\reg00060
c:\winnt\$msi31uninstall_kb893803v2$\reg00061
c:\winnt\$msi31uninstall_kb893803v2$\reg00062
c:\winnt\$msi31uninstall_kb893803v2$\reg00063
c:\winnt\$msi31uninstall_kb893803v2$\reg00064
c:\winnt\$msi31uninstall_kb893803v2$\reg00065
c:\winnt\$msi31uninstall_kb893803v2$\reg00066
c:\winnt\$msi31uninstall_kb893803v2$\reg00067
c:\winnt\$msi31uninstall_kb893803v2$\reg00068
c:\winnt\$msi31uninstall_kb893803v2$\reg00069
c:\winnt\$msi31uninstall_kb893803v2$\reg00070
c:\winnt\$msi31uninstall_kb893803v2$\reg00071
c:\winnt\$msi31uninstall_kb893803v2$\reg00072
c:\winnt\$msi31uninstall_kb893803v2$\reg00073
c:\winnt\$msi31uninstall_kb893803v2$\reg00074
c:\winnt\$msi31uninstall_kb893803v2$\reg00075
c:\winnt\$msi31uninstall_kb893803v2$\reg00076
c:\winnt\$msi31uninstall_kb893803v2$\reg00077
c:\winnt\$msi31uninstall_kb893803v2$\reg00078
c:\winnt\$msi31uninstall_kb893803v2$\reg00079
c:\winnt\$msi31uninstall_kb893803v2$\reg00080
c:\winnt\$msi31uninstall_kb893803v2$\reg00081
c:\winnt\$msi31uninstall_kb893803v2$\reg00082
c:\winnt\$msi31uninstall_kb893803v2$\reg00083
c:\winnt\$msi31uninstall_kb893803v2$\reg00084
c:\winnt\$msi31uninstall_kb893803v2$\reg00085
c:\winnt\$msi31uninstall_kb893803v2$\reg00086
c:\winnt\$msi31uninstall_kb893803v2$\reg00087
c:\winnt\$msi31uninstall_kb893803v2$\reg00088
c:\winnt\$msi31uninstall_kb893803v2$\reg00089
c:\winnt\$msi31uninstall_kb893803v2$\reg00090
c:\winnt\$msi31uninstall_kb893803v2$\reg00091
c:\winnt\$msi31uninstall_kb893803v2$\reg00092
c:\winnt\$msi31uninstall_kb893803v2$\reg00093
c:\winnt\$msi31uninstall_kb893803v2$\reg00094
c:\winnt\$msi31uninstall_kb893803v2$\reg00095
c:\winnt\$msi31uninstall_kb893803v2$\reg00096
c:\winnt\$msi31uninstall_kb893803v2$\reg00097
c:\winnt\$msi31uninstall_kb893803v2$\reg00098
c:\winnt\$msi31uninstall_kb893803v2$\reg00099
c:\winnt\$msi31uninstall_kb893803v2$\reg00100
c:\winnt\$msi31uninstall_kb893803v2$\reg00101
c:\winnt\$msi31uninstall_kb893803v2$\reg00102
c:\winnt\$msi31uninstall_kb893803v2$\reg00103
c:\winnt\$msi31uninstall_kb893803v2$\reg00104
c:\winnt\$msi31uninstall_kb893803v2$\reg00105
c:\winnt\$msi31uninstall_kb893803v2$\reg00106
c:\winnt\$msi31uninstall_kb893803v2$\reg00107
c:\winnt\$msi31uninstall_kb893803v2$\reg00108
c:\winnt\$msi31uninstall_kb893803v2$\reg00109
c:\winnt\$msi31uninstall_kb893803v2$\reg00110
c:\winnt\$msi31uninstall_kb893803v2$\reg00111
c:\winnt\$msi31uninstall_kb893803v2$\reg00112
c:\winnt\$msi31uninstall_kb893803v2$\reg00113
c:\winnt\$msi31uninstall_kb893803v2$\reg00114
c:\winnt\$msi31uninstall_kb893803v2$\reg00115
c:\winnt\$msi31uninstall_kb893803v2$\reg00116
c:\winnt\$msi31uninstall_kb893803v2$\spuninst\empty.cat
c:\winnt\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\winnt\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\winnt\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\winnt\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\winnt\help\wmplayer.bak
c:\winnt\iun6002.exe
c:\winnt\msdownld.tmp
c:\winnt\patch.exe
c:\winnt\Readme.txt
c:\winnt\system32\AdobePDF.dll
c:\winnt\system32\drivers\SET2E4.tmp
c:\winnt\system32\drivers\SET2E6.tmp
c:\winnt\system32\drivers\SET2E8.tmp
c:\winnt\system32\drivers\SET2EA.tmp
c:\winnt\system32\drivers\SET2EC.tmp
c:\winnt\system32\drivers\SET2EE.tmp
c:\winnt\system32\drivers\SET61.tmp
c:\winnt\system32\drivers\SET63.tmp
c:\winnt\system32\drivers\SET65.tmp
c:\winnt\system32\drivers\SET67.tmp
c:\winnt\system32\drivers\SET69.tmp
c:\winnt\system32\drivers\SET6B.tmp
c:\winnt\system32\nv4_disp.dll.tmp
c:\winnt\system32\rnaph.dll
c:\winnt\Web\default.htt
c:\winnt\wininit.ini
c:\winnt\wmsysprx.prx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NAIMSERVINST
-------\Legacy_NPF
-------\Service_IAS
.
.
((((((((((((((((((((((((( Files Created from 2016-01-23 to 2016-02-23 )))))))))))))))))))))))))))))))
.
.
2016-02-20 21:55 . 2016-02-20 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-02-19 22:56 . 2016-02-19 22:56 -------- d-----w- c:\program files\Common Files\Java
2016-02-05 05:24 . 2016-02-23 06:06 -------- d-----w- C:\FRST
2016-02-05 04:00 . 2016-02-05 04:04 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-20 21:55 . 2014-07-22 05:08 170200 ----a-w- c:\winnt\system32\drivers\MBAMSwissArmy.sys
2016-02-20 21:53 . 2014-07-22 05:07 121560 ----a-w- c:\winnt\system32\drivers\mbamchameleon.sys
2016-02-19 22:55 . 2015-01-25 00:29 95840 ----a-w- c:\winnt\system32\WindowsAccessBridge.dll
2016-02-19 22:55 . 2014-10-17 01:59 146432 ----a-w- c:\winnt\system32\javacpl.cpl
2016-02-19 18:41 . 2015-12-04 20:13 135760 ----a-w- c:\winnt\system32\drivers\avipbb.sys
2016-02-19 09:24 . 2016-02-19 09:24 811050403 ----a-w- C:\DATA.zip
2016-02-10 14:45 . 2012-04-02 05:54 796864 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2016-02-10 14:45 . 2011-05-31 18:13 142528 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2005-03-18 00:02 . 2016-02-13 07:17 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-01-25 6819232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2015-07-13 248176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2016-02-10 50599552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]
"CloneDVDElbyDelay"="c:\program files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]
"PinnacleDriverCheck"="c:\winnt\system32\PSDrvCheck.exe" [2003-05-28 394240]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-12 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\winnt\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IMEKRMIG6.1"="c:\winnt\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 44032]
"dla"="c:\winnt\system32\dla\tfswctrl.exe" [2005-02-25 127037]
"VMSnap3"="c:\winnt\VMSnap3.EXE" [2006-07-18 49152]
"Domino"="c:\winnt\Domino.EXE" [2006-06-28 49152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-25 446571]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-17 1164912]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
"DiscWizardMonitor.exe"="c:\program files\Maxtor\MaxBlast\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2014-10-02 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2016-02-19 804168]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2015-04-08 15664272]
"NvMediaCenter"="NvMCTray.dll" [2015-04-08 375112]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2015-04-09 2591888]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-04-09 2673296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-01-30 594992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-03 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\PalmOne\HOTSYNC.EXE [2004-4-13 299008]
.
c:\documents and settings\Griffin\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\PalmOne\HOTSYNC.EXE [2004-4-13 299008]
.
c:\documents and settings\Fenix\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\PalmOne\HOTSYNC.EXE [2004-4-13 299008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-1-11 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-7-13 113664]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2007-9-19 282624]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Juno\\bin\\juno.exe"=
"c:\\Download\\Utilities\\BitTorrent Clients\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINNT\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcherx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatchery.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SkypeCallRecorder\\SkypeCallRecorder.exe"=
"c:\\dell\\drivers\\R96135\\Upgrade.exe"=
"c:\\Documents and Settings\\Fenix\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Fenix\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Brother\\Brmfl07b\\FAXRX.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"54925:UDP"= 54925:UDP:Brother Network Scanner
.
R0 VOBID;VOBID;c:\winnt\system32\drivers\vobid.sys [8/1/2003 12:47 PM 29239]
R1 avkmgr;avkmgr;c:\winnt\system32\drivers\avkmgr.sys [12/4/2015 2:13 PM 37896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 5:38 PM 142648]
R2 amdfix;amdfix;c:\winnt\system32\drivers\amdfix.sys [12/28/2002 2:45 PM 4108]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/4/2015 2:14 PM 466408]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [6/27/2008 4:03 PM 431384]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [12/3/2015 10:43 PM 1878672]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [7/13/2015 12:44 PM 93040]
R2 xinstall;xinstall;c:\winnt\system32\drivers\xinstall.sys [12/28/2002 2:45 PM 6143]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\winnt\system32\drivers\l151x86.sys [5/2/2008 1:43 AM 37376]
R3 pcouffin;VSO Software pcouffin;c:\winnt\system32\drivers\pcouffin.sys [9/14/2007 2:20 PM 47360]
R3 pctvvbi;PCTVVBI;c:\winnt\system32\drivers\pctvvbi.sys [12/21/2002 11:04 PM 6369]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/4/2015 2:13 PM 930944]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/4/2015 2:14 PM 1223920]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\winnt\system32\drivers\BT848.sys [12/21/2002 11:19 AM 372309]
S2 Parclass;Parclass;c:\winnt\system32\drivers\PARCLASS.SYS [1/11/2003 9:45 AM 18832]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [6/27/2008 4:03 PM 431384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/9/2015 12:14 PM 327296]
S3 MHIKEY10;MHIKEY10;c:\winnt\system32\drivers\MHIKEY10.sys [5/27/2008 2:52 AM 51072]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [6/19/2003 4:05 AM 49776]
S3 vmfilter303;vmfilter303;c:\winnt\system32\drivers\vmfilter303.sys [10/19/2008 12:26 AM 428160]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\winnt\system32\drivers\usbVM303.sys [6/30/2011 1:38 PM 392058]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-23 c:\winnt\Tasks\Adobe Flash Player Updater.job
- c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:45]
.
2016-02-12 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2016-02-23 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 04:51]
.
2016-02-23 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 04:51]
.
2016-02-22 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-507921405-1343024091-1007Core.job
- c:\documents and settings\Fenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 04:57]
.
2016-02-23 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-507921405-1343024091-1007UA.job
- c:\documents and settings\Fenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 04:57]
.
2016-02-20 c:\winnt\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 15:13]
.
2016-02-23 c:\winnt\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\winnt\system32\xp_eos.exe [2014-03-06 01:59]
.
2016-02-08 c:\winnt\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\winnt\system32\xp_eos.exe [2014-03-06 01:59]
.
2016-02-05 c:\winnt\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2012-01-31 22:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINNT/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-BigDog303 - c:\winnt\VM303_STI.EXE
HKLM-Run-Avira SystrayStartTrigger - c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\Registration-InstantCopy.lnk - c:\program files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe InstantCopy,INSCPY,register,EN,0,serial=AARTO-AAFHK-AJWJJ-ILLTA-AAAFA
c:\documents and settings\Griffin\Start Menu\Programs\Startup\Registration-InstantCopy.lnk - c:\program files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe InstantCopy,INSCPY,register,EN,0,serial=AARTO-AAFHK-AJWJJ-ILLTA-AAAFA
c:\documents and settings\Fenix\Start Menu\Programs\Startup\Registration-InstantCopy.lnk - c:\program files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe InstantCopy,INSCPY,register,EN,0,serial=AARTO-AAFHK-AJWJJ-ILLTA-AAAFA
AddRemove-CloneCD - c:\program files\Elaborate Bytes\CloneCD\Uninst.isu
AddRemove-Coupon Printer for Windows5.0.0.4 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-02-23 01:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Fenix\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\JAH0LVKS\Darla[1].swf 1224 bytes
c:\docume~1\Fenix\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\JAH0LVKS\Darla[2].swf 1224 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,de,bd,c1,6a,27,04,49,a6,53,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,de,bd,c1,6a,27,04,49,a6,53,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\winnt\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(848)
c:\winnt\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(1428)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\msi.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\Ati2evxx.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\winnt\system32\Ati2evxx.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
.
**************************************************************************
.
Completion time: 2016-02-23 01:31:39 - machine was rebooted
ComboFix-quarantined-files.txt 2016-02-23 07:31
.
Pre-Run: 40,255,406,592 bytes free
Post-Run: 41,327,591,424 bytes free
.
- - End Of File - - 137FB1AAC31BEDCB8B3B612A072482F5
8F558EB6672622401DA993E1E865C861


Edited by Oh My!, 23 February 2016 - 08:41 AM.


#4 Oh My!


Posted 23 February 2016 - 08:50 AM

Greetings,

Please post the Zoek report and attach the System Summary Report.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Zhang Fei


Posted 23 February 2016 - 10:36 AM

I have attached the Zoek report here:


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Fenix on Tue 02/23/2016 at 3:04:39.54.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

2/23/2016 3:21:08 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Motive deleted successfully
C:\Program Files\TomTom DesktopSuite deleted successfully
C:\Program Files\Verizon Online deleted successfully
C:\Program Files\Common Files\MGI Shared deleted successfully
C:\Program Files\Common Files\NSV deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Package Cache deleted successfully
C:\Documents and Settings\Fenix\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\Fenix\Application Data\Vso deleted successfully
C:\Documents and Settings\Griffin\Application Data\Newsbin deleted successfully
C:\Documents and Settings\Gryphon\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\Gryphon\Application Data\NetMedia Providers deleted successfully
C:\Documents and Settings\Gryphon\Application Data\Publish Providers deleted successfully
C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully
C:\Documents and Settings\Unicorn\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\Unicorn\Application Data\Vso deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\CutePDF Writer deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\KodakGallery deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\Skype deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\WMTools Downloaded Files deleted successfully
C:\Documents and Settings\Griffin\Local Settings\Application Data\Real deleted successfully
C:\Documents and Settings\LocalService\Local Settings\Application Data\Google deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_USERS\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_USERS\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_USERS\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_USERS\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_USERS\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\WINNT\VMSnap3.EXE
C:\WINNT\Domino.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Yahoo\Messenger\YahooMessenger.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\PalmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\Yahoo\Messenger\YahooMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\taskmgr.exe
C:\Downloads\zoek.exe
C:\WINNT\system32\svchost.exe -k DcomLaunch
C:\WINNT\system32\svchost.exe -k rpcss
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
C:\WINNT\system32\svchost.exe -k NetworkService
C:\WINNT\system32\svchost.exe -k LocalService
C:\WINNT\system32\svchost.exe -k LocalService
C:\WINNT\system32\svchost.exe -k imgsvc
C:\WINNT\system32\svchost.exe -k netsvcs

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20160223_0412_.backup

ProfilePath: C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.contentHandlers.auto.application/vnd.mozilla.maybe.feed", "http://add.my.yahoo.com/rss?url=%s");
user_pref("browser.feeds.handlers.webservice", "http://add.my.yahoo.com/rss?url=%s");
user_pref("flashblock.whitelist", "www.amazon.com,https://invest.ameritrade.com,wwws.ameritrade.com,maps.google.com,www.google.com,http://www.macmilla
user_pref("yahoo.ytff.general.dontshowhpoffer", true);
user_pref("yahoo.ytffp.installer._u", "2de4aa6a0e5c46ef8898e8e259cdd2be");
user_pref("yahoo.ytffp.installer.nd", 2);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20160223_0412_.backup

ProfilePath: C:\Documents and Settings\Fenix\Application Data\TomTom\HOME\Profiles\ro10vgo7.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20160223_0412_.backup

ProfilePath: C:\Documents and Settings\Griffin\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20160223_0412_.backup

ProfilePath: C:\Documents and Settings\Gryphon\Application Data\Mozilla\Firefox\Profiles\0m6e2uhr.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20160223_0412_.backup

ProfilePath: C:\Documents and Settings\Unicorn\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.contentHandlers.auto.application/vnd.mozilla.maybe.feed", "http://add.my.yahoo.com/rss?url=%s");
user_pref("browser.feeds.handlers.webservice", "http://add.my.yahoo.com/rss?url=%s");
user_pref("browser.startup.homepage", "http://my.yahoo.com");
user_pref("yahoo.ytff.general.dontshowhpoffer", true);
user_pref("yahoo.ytffp.installer._u", "2de4aa6a0e5c46ef8898e8e259cdd2be");
user_pref("yahoo.ytffp.installer.nd", 2);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20160223_0412_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Motive not found
C:\Program Files\TomTom DesktopSuite not found
C:\Program Files\Verizon Online not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\Program Files\File Scanner Library (Spybot - Search & Destroy) deleted
C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) deleted
C:\Program Files\Universal Extractor deleted
C:\Documents and Settings\Administrator\Application Data\DVDSubEdit.ini deleted
C:\Documents and Settings\Administrator\Application Data\pcouffin.log deleted
C:\Documents and Settings\Administrator\Application Data\Yahoo! deleted
C:\Documents and Settings\Fenix\Application Data\AutoGK.ini deleted
C:\Documents and Settings\Fenix\Application Data\DVDSubEdit.ini deleted
C:\Documents and Settings\Fenix\Application Data\temp23076.txt deleted
C:\Documents and Settings\Fenix\Application Data\pcouffin.log deleted
C:\Documents and Settings\Fenix\Application Data\Yahoo! deleted
C:\Documents and Settings\Griffin\Application Data\DVDSubEdit.ini deleted
C:\Documents and Settings\Griffin\Application Data\pcouffin.log deleted
C:\Documents and Settings\Unicorn\Application Data\DVDSubEdit.ini deleted
C:\Documents and Settings\Unicorn\Application Data\temp23076.txt deleted
C:\Documents and Settings\Unicorn\Application Data\pcouffin.log deleted
C:\Documents and Settings\Unicorn\Application Data\Yahoo! deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! deleted
C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050} deleted
C:\Documents and Settings\Griffin\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050} deleted
C:\Documents and Settings\Gryphon\Local Settings\Application Data\FASTWiz.log deleted
C:\WINNT\003508_.tmp deleted
C:\WINNT\S9AD8A7BB.tmp deleted
C:\WINNT\SET11B.tmp deleted
C:\WINNT\SET12E.tmp deleted
C:\WINNT\SET29.tmp deleted
C:\WINNT\SET38.tmp deleted
C:\WINNT\SET52.tmp deleted
C:\WINNT\SET85.tmp deleted
C:\WINNT\SET86.tmp deleted
C:\WINNT\SET87.tmp deleted
C:\WINNT\SET93.tmp deleted
C:\WINNT\SET9A.tmp deleted
C:\WINNT\system32\GroupPolicy\Adm deleted
C:\WINNT\system32\GroupPolicy\Machine deleted
C:\WINNT\system32\GroupPolicy\User deleted
C:\WINNT\system32\GroupPolicy\gpt.ini deleted
C:\WINNT\System32\VDM19.tmp deleted
C:\WINNT\System32\VDM1A.tmp deleted
C:\WINNT\System32\_r_a_p_.tmp deleted
C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\jetpack deleted
C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\abs@avira.com deleted
C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\Yahoo Inc deleted

==== System Specs ======================

Windows: Windows XP Professional Service Pack 3 (Build 2600)
Memory (RAM): 3456 MB
CPU Info: AMD Athlon™ 64 X2 Dual Core Processor 5200+
CPU Speed: 2616.3 MHz
Sound Card: IDT Audio1 |
Display Adapters: ATI Radeon 2100 | ATI Radeon 2100 | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Plug and Play Monitor | Plug and Play Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
CD / DVD Drives: 3x (E: | F: | J: | ) E: _NEC DVD_RW ND-3520AW | F: | J: NERO IMAGEDRIVE2
Ports: COM1 LPT1
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 298.1GB | D: 114.5GB
Hard Disks - Free: C: 38.3GB | D: 9.4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/15/10 | 031510 - 20100315
Time Zone: Central Standard Time
Motherboard *: ECS A740GM-M
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: Avira Antivirus *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
Internet Explorer version: 8.0.6001.18702
Mozilla Firefox version: 44.0.2 (x86 en-US)
Google Chrome version: 46.0.2490.86
Adobe Reader version: 11.0.8.4
Sun Java version: 1.8.0_73 (32-bit)
Flash Player version: 20.0.0.306
Shockwave Player version: 12.1r150

==== Files Recently Created / Modified ======================

====== C:\WINNT ====
2016-02-23 06:56:05 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINNT\PEV.exe
2016-02-23 06:56:05 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINNT\grep.exe
2016-02-23 06:56:05 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINNT\zip.exe
2016-02-23 06:56:05 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINNT\SWSC.exe
2016-02-23 06:56:05 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINNT\MBR.exe
====== C:\DOCUME~1\Fenix\LOCALS~1\Temp ====
====== Java Cache =====
====== C:\WINNT\system32 =====
====== C:\WINNT\system32\drivers =====
====== C:\WINNT\Tasks ======
2016-02-05 03:49:45 29B52AF942A1EB0A25FFFDE250FA8805 272 ----a-w- C:\WINNT\Tasks\switchShakeIcon.job
====== C:\WINNT\Temp ======
======= C:\Program Files =====
2016-02-19 22:56:01 -------- d-----w- C:\Program Files\Common Files\Java
======= C: =====
====== C:\Documents and Settings\Fenix\Application Data ======
====== C:\Documents and Settings\Fenix ======
2016-02-23 08:31:55 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies
2016-02-23 07:36:23 -------- d-sh--w- C:\Documents and Settings\LocalService\Cookies
2016-02-23 02:32:19 B5F738D5D037C69221ABA5FFE3CBA69E 1722368 ----a-w- C:\Documents and Settings\Fenix\Desktop\FRST.exe

====== C: exe-files ==
2016-02-23 02:32:19 B5F738D5D037C69221ABA5FFE3CBA69E 1722368 ----a-w- C:\Documents and Settings\Fenix\Desktop\FRST.exe
2016-02-19 22:56:19 5B98DCE4893425BA4F08C2BE134CABE5 191584 ----a-w- C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath_target_809718\javaw.exe
2016-02-19 22:56:19 5B98DCE4893425BA4F08C2BE134CABE5 191584 ----a-w- C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath\javaw.exe
2016-02-19 22:56:19 249C1C8BD8AC9568E5C5A0EC2FB39018 191072 ----a-w- C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath_target_809718\java.exe
2016-02-19 22:56:19 249C1C8BD8AC9568E5C5A0EC2FB39018 191072 ----a-w- C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath\java.exe
2016-02-19 22:56:19 2211C51BABE577798343D69F818E25AB 278624 ----a-w- C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath_target_809718\javaws.exe
2016-02-19 22:56:19 2211C51BABE577798343D69F818E25AB 278624 ----a-w- C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath\javaws.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe"
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

[HKEY_USERS\S-1-5-21-484763869-507921405-1343024091-1007\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_9 -reboot 1"
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo\Messenger\YahooMessenger.exe -quiet"
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe"
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop"
"RunNarrator"="Narrator.exe"
"tscuninstall"="%systemroot%\system32\tscupgrd.exe "

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop"
"RunNarrator"="Narrator.exe"
"tscuninstall"="%systemroot%\system32\tscupgrd.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe /L ElbyDelay"
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe"
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE"
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE /STANDALONE"
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe /StartedFromRunKey"
"IMJPMIG8.1"="C:\WINNT\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
"IMEKRMIG6.1"="C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE"
"dla"="C:\WINNT\system32\dla\tfswctrl.exe"
"VMSnap3"="C:\WINNT\VMSnap3.EXE"
"Domino"="C:\WINNT\Domino.EXE"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
"Seagate Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
"Maxtor Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe"
"eFax 4.4"="C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe /R"
"DiscWizardMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\DiscWizardMonitor.exe"
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe"
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe -atboottime"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"NvCplDaemon"="RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login"
"nwiz"="C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet"
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_9 -reboot 1"
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo\Messenger\YahooMessenger.exe -quiet"
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe"

==== Startup Folders ======================

2005-02-26 06:13:30 1381 ----a-w- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk
2014-08-24 20:57:05 1500 ----a-w- C:\Documents and Settings\Fenix\Start Menu\Programs\Startup\HotSync Manager.lnk
2008-05-04 20:49:57 1381 ----a-w- C:\Documents and Settings\Griffin\Start Menu\Programs\Startup\HotSync Manager.lnk

==== Task Scheduler Jobs ======================

C:\WINNT\tasks\Adobe Flash Player Updater.job --a------ C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/10/2016 08:45 AM]
C:\WINNT\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\Apple Software Update\SoftwareUpdate.exe [06/01/2011 05:57 PM]
C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/16/2015 10:51 PM]
C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/16/2015 10:51 PM]
C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-507921405-1343024091-1007Core.job --a------ C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [11/16/2015 10:57 PM]
C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-507921405-1343024091-1007UA.job --a------ C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [11/16/2015 10:57 PM]
C:\WINNT\tasks\Microsoft Antimalware Scheduled Scan.job --ah----- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [03/11/2014 09:13 AM]
C:\WINNT\tasks\Microsoft Windows XP End of Service Notification Logon.job --a------ C:\WINNT\system32\xp_eos.exe [02/25/2014 07:59 PM]
C:\WINNT\tasks\Microsoft Windows XP End of Service Notification Monthly.job --a------ C:\WINNT\system32\xp_eos.exe [02/25/2014 07:59 PM]
C:\WINNT\tasks\switchShakeIcon.job --a------ C:\Program Files\NCH Software\Switch\switch.exe [01/31/2012 04:20 PM]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
user_pref("browser.startup.homepage", "http://www.google.com/");

ProfilePath: C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");

ProfilePath: C:\Documents and Settings\Griffin\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
user_pref("browser.startup.homepage", "http://www.google.com/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [08/16/2009 11:21 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
- Undetermined - C:\Program Files\Copernic Desktop Search 2\FirefoxToolbar
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
- Flashblock - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
- iFox Smooth - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- iFox Smooth - %ProfilePath%\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}

ProfilePath: C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Google search link fix - %ProfilePath%\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Documents and Settings\Fenix\Application Data\TomTom\HOME\Profiles\ro10vgo7.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.8.080.9662@tomtom.com

ProfilePath: C:\Documents and Settings\Griffin\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
- Undetermined - C:\Program Files\Copernic Desktop Search 2\FirefoxToolbar
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
- Flashblock - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
- iFox Smooth - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Undetermined - %ProfilePath%\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
- iFox Smooth - %ProfilePath%\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}

ProfilePath: C:\Documents and Settings\Gryphon\Application Data\Mozilla\Firefox\Profiles\0m6e2uhr.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
- iFox Smooth - %ProfilePath%\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}

ProfilePath: C:\Documents and Settings\Unicorn\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
- Undetermined - C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
- Undetermined - C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Flashblock - C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Undetermined - %AppDir%\extensions\installed-extensions-processed.txt

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Fenix\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
D937A4645EFF8CB4F123E3C899C052B2 - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
6EE8EA06FC795709C54159413F5B73E3 - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
1B3E082A7CEAA708FAB406787EBB84C1 - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
7BD0B20CE623238606D34519438C26AB - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
4363A7545F358607B1012A3F141EB3B7 - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B4FC40CBAD284F09207CF06BA2C341BC - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll - Veoh Web Player Beta
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
9EA6FA4806BB45185FE743D534CEE9E6 - C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll - Java™ Platform SE 8 U73
843AE18C93C6DFD214AB7EAF338B4D6F - C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.730.2
7EFDDC0CA345922C425203FE49138CE9 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin
E14F0925B4ECE11FF0C1D53B155266C4 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll - DivX® Content Upload Plugin
A13D7CD76E026BA041E9EBA4EEF1EBA0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX® Web Player
54740489C66AFC8B78CF9A2893A5DA63 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
0E8B2D0D9E3415A91EF259CE1112C579 - C:\WINNT\system32\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director
6FE651F6E3025AD51CC1D54913AEEADC - C:\WINNT\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash
4F3E3995C017C2A9925CEF5AD566B78D - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll - AmazonMP3DownloaderPlugin
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

YouTube - Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
FlashBlock - Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl
Chrome Web Store Payments - Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.atm.youku.com_0.localstorage deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.atm.youku.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{43DCF766-6838-4F9A-8C91-D92DA586DFA7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\667FCD348386A9F4C8199DD25A68FD7A deleted successfully

==== HijackThis Entries ======================

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINNT\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINNT\Domino.EXE
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Maxtor Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Maxtor\MaxBlast\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\PalmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209728398623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209735346468
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Maxtor - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Fenix\Local Settings\Temp\Temporary Internet Files\Content.IE5\1QYV8RZH will be deleted at reboot
C:\Documents and Settings\Fenix\Local Settings\Temp\Temporary Internet Files\Content.IE5\JAH0LVKS will be deleted at reboot
C:\Documents and Settings\Fenix\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Fenix\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\Cache emptied successfully
C:\Documents and Settings\Fenix\Local Settings\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\cache2 emptied successfully
C:\Documents and Settings\Griffin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l7hvrhwa.default\Cache emptied successfully
C:\Documents and Settings\Gryphon\Local Settings\Application Data\Mozilla\Firefox\Profiles\0m6e2uhr.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Fenix\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=360 folders=41 48001476 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\Fenix\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\Griffin\Local Settings\temp emptied successfully
C:\Documents and Settings\Gryphon\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\Documents and Settings\Unicorn\Local Settings\temp emptied successfully
C:\Documents and Settings\UpdatusUser\Local Settings\temp emptied successfully
C:\WINNT\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINNT\Temp successfully emptied
C:\DOCUME~1\Fenix\LOCALS~1\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Fenix\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\Fenix\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Fenix\Local Settings\Temp\Temporary Internet Files\Content.IE5\1QYV8RZH" not found
"C:\Documents and Settings\Fenix\Local Settings\Temp\Temporary Internet Files\Content.IE5\JAH0LVKS" not found

==== EOF on Tue 02/23/2016 at 9:25:51.78 ======================

Attached Files


Edited by Oh My!, 23 February 2016 - 01:51 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:30 AM

Posted 23 February 2016 - 02:27 PM

Thank you for the information. Please copy and paste your information in your reply unless you are requested to attach a file.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Avira Antivirus
Microsoft Security Essentials
McAfee VirusScan Enterprise


===================================================

Uploading Minidump Files

--------------------
  • Press the Windows Key + E at the same time then navigate to the following location:

C:\WINDOWS\Minidump

  • If they exist, upload the last 3 most recently dated files here
  • Notify me on the post when the files have been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did you uninstall 2 antivirus programs?
  • Uploaded Minidump files
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

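The check behind the post above, as an added example that is not part of the original thread: it reads HijackThis-style O4 (Run value) and O23 (service) lines and reports which antivirus products register components that start automatically. The sample lines are copied from the log earlier in this thread; recognising a product by its install folder is an assumption of this example.

```python
import re

# Constructed sample: lines copied from the "HijackThis Entries" part of the log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
'''

# Assumption of this example: each product is recognised by its install folder
# as it appears in that log (compared in lower case).
AV_FOLDERS = {
    "Avira Antivirus": r"\avira\antivir desktop",
    "Microsoft Security Essentials": r"\microsoft security client",
    "McAfee VirusScan Enterprise": r"\mcafee\virusscan enterprise",
}

# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_LINE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_PREFIX = "O23 - Service: "


def autostart_entries(log):
    """Yield (kind, name, command) for registry Run values (O4) and services (O23)."""
    for raw in log.splitlines():
        line = raw.strip()
        match = RUN_LINE.match(line)
        if match:
            yield "run", match.group("name"), match.group("cmd")
        elif line.startswith(SERVICE_PREFIX):
            # O23 - Service: <display name> - <company> - <image path>
            fields = line[len(SERVICE_PREFIX):].split(" - ")
            if len(fields) >= 3:
                yield "service", fields[0], fields[-1]


def av_autostarts(log):
    """Map each known antivirus product to the autostart entries that belong to it."""
    found = {}
    for kind, name, command in autostart_entries(log):
        lowered = command.lower()
        for product, folder in AV_FOLDERS.items():
            if folder in lowered:
                found.setdefault(product, []).append((kind, name))
    return found


def overlapping_products(log):
    """Return the sorted product names when more than one antivirus starts automatically."""
    products = sorted(av_autostarts(log))
    return products if len(products) > 1 else []


if __name__ == "__main__":
    for product, entries in sorted(av_autostarts(SAMPLE_LOG).items()):
        print(product, entries)
    print("Overlap:", overlapping_products(SAMPLE_LOG))
```

An autostart entry shows that a resident component is registered, not that real-time scanning is switched on in the product's settings, so the result is a prompt to check each product rather than proof of a conflict.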
#7 Oh My!


Posted 23 February 2016 - 07:38 PM

Did you uninstall the antivirus programs and can you update me on your computer performance?

Please carefully read my posts and reply as requested. You routinely don't complete all that I have asked for.
Gary
 

#8 Zhang Fei

Zhang Fei
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 24 February 2016 - 09:42 PM

Many thanks for your patience. Here's my response to your recent queries:
 

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Did you uninstall 2 antivirus programs?

 
I uninstalled Microsoft Security Essentials, but left McAfee installed. I've always run McAfee with On Access Scan disabled, i.e. I only use it for passive weekly virus scans, which I run along with a monthly Malwarebytes scan, in lieu of Avira's weekly Luke Filewalker scan, which always errors out. Prior to posting my issue on this forum, I had spent many hours configuring my computer so that only one antivirus program - Microsoft Security Essentials, McAfee or Avira was installed. Nothing worked. In any event, only one program has ever had on access scan enabled, so as to de-conflict the different applications.
 

  • Uploaded Minidump files

 
I've uploaded the single file I found in the minidump folder.
 

  • Update on computer behavior

 
My hibernation problem has recurred. Here are a couple of screen shots, with the fuzzed out controls emphasized in red ovals. One strange problem I encountered was fuzzed out blocks in place of my wallpaper when I rebooted out of hibernation.  This went away after I reinstalled the display drivers for the on-board display chipset. However, the fuzzed-out controls continue to be a recurring problem after recovery from hibernation, even after about a dozen reboots.

Attached Files



#9 Oh My!


Posted 24 February 2016 - 11:03 PM

Please do this.

===================================================

Rebuilding Icon Cache Windows XP

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press enter
  • Copy and paste the following into the Notepad document:
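@echo off
rem Stop the Explorer shell so IconCache.db is no longer in use
taskkill /f /im explorer.exe
rem Clear the Hidden attribute, then delete the per-user icon cache
attrib -H "%userprofile%\Local Settings\Application Data\IconCache.db"
del "%userprofile%\Local Settings\Application Data\IconCache.db"
rem Restart the shell, then force a reboot after 10 seconds
explorer.exe
shutdown /r /f /t 10
rem Remove this batch file
del %0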
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input icon.bat.
  • Click Save.
  • Close the Notepad and any other open items
  • Locate and double-click icon.bat on the desktop
  • A black CMD window will flash, then disappear
  • Your computer will reboot in 10 seconds after the completion of the command
  • Check your desktop icons
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Icons?
  • BSOD.txt

Gary
 

#10 Zhang Fei


Posted 25 February 2016 - 02:22 AM

Please do this.

===================================================

Rebuilding Icon Cache Windows XP

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press enter
  • Copy and paste the following into the Notepad document:
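@echo off
rem Stop the Explorer shell so IconCache.db is no longer in use
taskkill /f /im explorer.exe
rem Clear the Hidden attribute, then delete the per-user icon cache
attrib -H "%userprofile%\Local Settings\Application Data\IconCache.db"
del "%userprofile%\Local Settings\Application Data\IconCache.db"
rem Restart the shell, then force a reboot after 10 seconds
explorer.exe
shutdown /r /f /t 10
rem Remove this batch file
del %0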
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input icon.bat.
  • Click Save.
  • Close the Notepad and any other open items
  • Locate and double-click icon.bat on the desktop
  • A black CMD window will flash, then disappear
  • Your computer will reboot in 10 seconds after the completion of the command
  • Check your desktop icons
===================================================

 

The fuzzed-out controls have stopped recurring when the computer resumes after hibernation. Given that this remained the case after 6 consecutive hibernate and resume cycles, this aspect is looking good. However, I'm still getting issues shown in the attached image files as follows:

  1. When I resume from hibernation, the startup screen alternates between fuzzed wallpaper and green, rather than the desert wallpaper I've selected (e.g. fuzzed wallpaper from logon screen.jpg).
  2. Display attributes tabs for themes and wallpaper are partially fuzzed out (e.g. fuzzed display properties theme tab.jpg & fuzzed display properties wallpaper tab.jpg).
  3. The first two files previously loaded in the Windows picture viewer system application are fuzzed out, but become viewable again after right-arrowing, then left-arrowing twice (e.g. Windows picture viewer 1 - jpg file is fuzzed out.jpg & Windows picture viewer 2 - same jpg file after toggling 2 pictures down and then back.jpg)
     

BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Icons?
  • BSOD.txt

 

The contents of BSOD.txt are as follows: 

==================================================
Dump File         : Mini122515-01.dmp
Crash Time        : 12/25/2015 4:12:46 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 0x000433e0
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x80537580
Caused By Driver  : hal.dll
Caused By Address : hal.dll+2410
File Description  : Hardware Abstraction Layer DLL
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2111)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+6d80c
Stack Address 1   : ntkrnlpa.exe+60580
Stack Address 2   : ntkrnlpa.exe+60b42
Stack Address 3   : ntkrnlpa.exe+f8fee
Computer Name     :
Full Path         : C:\WINNT\Minidump\Mini122515-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 65,536
Dump File Time    : 12/25/2015 4:19:35 PM
==================================================

 

I have had more recent BSOD's prior to posting to this forum, but the ones I remember were dead stops where it attempted to create a dump file, but the drive light remained unlit (upon which I held down the power switch to force a shut down). There *might* have been some shutdowns where it was taking significant time to create a dump file. However, since I had no knowledge of how to use the dump files, I generally aborted the process by holding down the power button if the process took more than 5 minutes.

Attached Files
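A reader for the BlueScreenView report pasted in the post above, as an added example that is not part of the original thread: it parses the "field : value" records and decodes the four parameters of bug check 0x0A (referenced address, IRQL, read or write, faulting instruction address) as Microsoft documents them. The 0x80000000 kernel boundary assumes the default 32-bit Windows address split without /3GB.

```python
# Constructed sample: fields taken from the BSOD.txt content pasted in this thread.
REPORT = """\
==================================================
Dump File         : Mini122515-01.dmp
Crash Time        : 12/25/2015 4:12:46 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 0x000433e0
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x80537580
Caused By Driver  : hal.dll
Crash Address     : ntkrnlpa.exe+6d80c
==================================================
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

# Assumption: default 2 GB user / 2 GB kernel split on 32-bit Windows (no /3GB switch).
KERNEL_BASE_X86 = 0x80000000


def parse_reports(text):
    """Split a BlueScreenView text export into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):
            # A separator line closes the record collected so far.
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first colon only, so times and paths in the value survive.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def describe_irql_fault(record):
    """Decode the parameters of an IRQL_NOT_LESS_OR_EQUAL (0x0A) record."""
    if int(record["Bug Check Code"], 16) != 0x0A:
        raise ValueError("not an IRQL_NOT_LESS_OR_EQUAL record")
    p1, p2, p3, p4 = (int(record[f"Parameter {i}"], 16) for i in range(1, 5))
    return {
        "referenced_address": p1,
        "referenced_in_kernel_range": p1 >= KERNEL_BASE_X86,
        "irql": IRQL_NAMES.get(p2, str(p2)),
        "operation": "write" if p3 & 1 else "read",
        "faulting_instruction": p4,
        "instruction_in_kernel_range": p4 >= KERNEL_BASE_X86,
        "blamed_module": record.get("Caused By Driver", ""),
    }


if __name__ == "__main__":
    for rec in parse_reports(REPORT):
        info = describe_irql_fault(rec)
        print(rec["Dump File"], rec["Crash Time"])
        print("  %s of 0x%08x at %s by code at 0x%08x (report blames %s)" % (
            info["operation"], info["referenced_address"], info["irql"],
            info["faulting_instruction"], info["blamed_module"]))
```

The "Caused By Driver" field is BlueScreenView's attribution from the stack, so the decoded record narrows where to look rather than naming a root cause.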



#11 Oh My!


Posted 25 February 2016 - 09:59 AM

This is not malware related so I may be referring you to another more appropriate forum soon.

Please uninstall and reinstall the video card drivers. In addition, change the screen resolution to something different then change it back to your current configuration.

Let me know.
Gary
 

#12 Zhang Fei


Posted 27 February 2016 - 01:06 AM

This is not malware related so I may be referring you to another more appropriate forum soon.

Please uninstall and reinstall the video card drivers. In addition, change the screen resolution to something different then change it back to your current configuration.

Let me know.

 

Thanks for confirming that it's not malware related. I uninstalled and reinstalled the video card driver. The hibernation problem with the fuzzed out wallpaper and the fuzzed out control panel samples recurred. This one's a real head scratcher.



#13 Oh My!


Posted 27 February 2016 - 08:48 AM

Did you change the screen resolution settings? I provided a link above with directions.
Gary
 

#14 Zhang Fei


Posted 27 February 2016 - 03:44 PM

Did you change the screen resolution settings? I provided a link above with directions.

 

Yup. I went through different resolutions along with hibernation and resume cycles. Same problem at lower resolutions (current one being the max at 1920 x 1080).



#15 Oh My!


Posted 27 February 2016 - 05:12 PM

Do you have an external monitor you can attach to your computer?


Gary
 



