
Unable to remove rogue Antivir


  • This topic is locked
79 replies to this topic

#1 John836


Posted 22 February 2016 - 08:07 PM

Hi,

I started getting all kinds of problems with my (old) laptop that up until this point had been running fairly consistently. Avast didn't/couldn't find anything so I ran these malware scanning programs:

1. Spyware Blaster

2. Spybot Search & Destroy

3. Kaspersky TDSSKiller

4. HitmanPro

5. Zemana AntiMalware

6. Adware Cleaner

7. Junkware Removal Tool

Some of the above found various adware, PUPs, etc., all of which were quarantined and then removed/deleted using the appropriate procedures. But I was still experiencing problems... Avast started hanging and being non-responsive even after reboots, so I decided to uninstall and reinstall it, but when I tried to reinstall, it gave this message:


 ‘Another antivirus program has been detected – AntiVir Desktop – It is strongly recommended to uninstall AntiVir Desktop before continuing with your Avast installation. Running 2 antiviruses at the same time will slow down your computer and might make it unusable.’


I definitely didn't install this, and couldn't find it in any program folders, or anywhere on the PC, so I Googled AntiVir and learned that it was malware… and additional searches brought me to the BleepingComputer 'Antivir removal - Self Help Guide'. I followed the guide and ran RKill and Malwarebytes and then tried reinstalling Avast again... but got the same message about AntiVir.


The above was posted on BleepingComputer (http://www.bleepingcomputer.com/forums/t/605291/unable-to-remove-rogue-malware-antivir) – and I followed support advice from this forum post with the following actions:


Autoruns recommended and ran.  The scan results posted on #5 of the ‘unable to remove rogue malware antivir’ post.

MiniToolBox recommended and ran. The scan results posted on #7 of the ‘unable to remove rogue malware antivir’ post.


It was recommended that I delete some leftover files from Avira (antivirus). I tried doing as suggested, but Autoruns wouldn't allow me; I get an Autoruns popup message or warning reading: Error changing item state: Access is denied. I then tried running as 'Administrator', but it wouldn't accept my password (which I've been using for years), so I tried checking 'User Accounts' to see if the password had been changed, but when I went to User Accounts, I just got a blank/empty window (stating that it is User Accounts Home), with no accounts or any information in the window. Getting a little worried, I decided to reboot into Safe Mode, but I was still unable to access User Accounts, so I Googled how to access User Accounts and followed these instructions: Start / Run, and typed: 'control userpasswords2'. This brought up a User Accounts box with two tabs, 'Users' and 'Advanced'. I was surprised to see that the user account ‘Declan’ was listed under ‘Groups’ as ‘Administrators’, because this account has never been an administrator's account. I have always configured the laptop to require me to log in as ‘Administrator’ with a password (to prevent malware); this account was previously a ‘Standard user’ account.


Under the 'Advanced' tab (still in the User Accounts window), I selected 'Manage Passwords', but no accounts were generated in the new window headed 'Stored User Names and Passwords', so I could only close out of this window and go back to the 'Advanced' tab, where I selected the 'Advanced' button (in the ‘Advanced user management’ area of the window). This opened a window named 'Local Users and Groups'. I then selected ‘Users’ in the left window, selected the account 'Declan' in the right-side panel, and right-clicked into Properties; the new window that opened is headed 'Declan Properties'. Under the 'General' tab it has 'Password never expires'; all other fields are blank. Under 'Profile' all fields are blank (apart from 'Local path' showing as selected). Under the ‘Members of’ tab it shows ‘Administrators’… but as mentioned before, this account was not an administrator's account, but when I tried logging in as administrator it was not accepting my password, so I am assuming I have been hacked… After rebooting into safe mode I changed the password for the ‘Declan’ user account (I’m a bit too nervous to change it back to ‘Standard User’ in case all kinds of problems kick off that I can’t deal with… I’m already beginning to struggle with all this passwords and accounts weirdness). While in safe mode I changed the passwords and I also set up a new/separate ‘Administrators’ account and logged into this new account, and this time I was able to run ‘Autoruns’ as Administrator, but I still get the same message or warning reading: Error changing item state: Access is denied.


It was recommended that I run AntiVir Registry Cleaner. I ran the Avira Registry Cleaner, and rebooted as required – then I tried installing Avast again, but got the same message I was originally getting:


 ‘Another antivirus program has been detected – AntiVir Desktop – It is strongly recommended to uninstall AntiVir Desktop before continuing with your Avast installation. Running 2 antiviruses at the same time will slow down your computer and might make it unusable.’


The results of the Avira Registry Cleaner posted on #11 of the ‘unable to remove rogue malware antivir’ post.


It was recommended that I try deleting the following files manually:

c:\windows\system32\drivers\avipbb.sys

c:\windows\system32\drivers\avipbb.sys

c:\windows\system32\drivers\avgntflt.sys


My full reply can be seen at #11 – but in an attempt to reduce the length of this post, of essential relevance: I tried deleting the files but got the message ‘Cannot delete *** Access is denied’. I also tried changing the file names in the hope that I might then be able to delete them, but got the same message: ‘Cannot rename *** Access is denied’. I was also unable to wipe/shred using Glary Utilities, etc.


Unlocker recommended and ran: Unlocker wasn’t able to delete the files or rename them.

During installation a pop-up message read ‘Unlocker Assistant – Some software running on your machine is conflicting with Unlocker Assistant. Unlocker Assistant will now be closed and disabled’


…not knowing whether the program needed the assistant, I just ran the program as you demo’d anyway. I tried the ‘Delete’ and then the ‘Rename’ options separately with reboots for each; the original files were still there and no ‘renamed’ files were generated, so I’m guessing that the Unlocker Assistant is an essential element of the software. I tried it for both in case it was possible to delete one file, then allowing the other to be deleted, but no luck… and tried deleting or renaming by previous methods already tried, but again no luck.


It was recommended I: go to Start=>Run, type regedit and click OK.
Registry Editor will open.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Right-Click Services and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK. Restart computer and see if you can perform steps mentioned in my reply #8


I went to the ‘Services’ and selected ‘Permissions’, I couldn’t find ‘Everyone’, but have a ‘Users (M1210\Users)’ which I imagine is effectively the same – the settings were originally only ‘Read’ (Permissions), after changing to ‘Full Control’ I rebooted and tried deleting the files as per before, but it’s still not possible to delete or rename the files…under the ‘Owner’ tab of the same ‘Advanced Security Settings for Services’ screen, I also changed the ‘Current owner of this item’ from ‘Administrators (M1210\Administrators)’ to ‘Declan (M1210\Declan)’, rebooted, and tried all of the above again, but still no luck. (NB I have tried being logged into the Administrator/User and Declan/User).


It was recommended that I read the ‘Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help’ and follow instructions from #6 of the guide.


#6 of the Preparation Guide recommended I run Farbar Recovery Scan Tool (FRST).

Here are the FRST txt results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-02-2016 01
Ran by Declan (administrator) on M1210 (22-02-2016 02:00:37)
Running from C:\Documents and Settings\Declan\Desktop\Farbar Recovery Scan Tool download 22-2-16
Loaded Profiles: Declan (Available Profiles: Declan & Fox & XPS ADMIN-2016 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Iomega Corporation) C:\PROGRA~1\Iomega\System32\AppServices.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Creative Technology Ltd) C:\Program Files\Creative\Mixer\CTSVolFE.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Iomega) C:\Program Files\Iomega\DriveIcons\Imgicon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Iomega Corporation) C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Iomega Corporation) C:\Program Files\Iomega\AutoDisk\ADService.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2007-10-08] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1347584 2005-12-19] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [CTSVolFE.exe] => C:\Program Files\Creative\Mixer\CTSVolFE.exe [57344 2005-02-23] (Creative Technology Ltd)
HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [Clarus Drive Manager] => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe [8135744 2013-12-18] (Clarus, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [Iomega Drive Icons] => C:\Program Files\Iomega\DriveIcons\ImgIcon.exe [86016 2002-08-13] (Iomega)
HKLM\...\Run: [Deskup] => C:\Program Files\Iomega\DriveIcons\deskup.exe [32768 2002-07-16] (Iomega)
HKLM\...\Run: [ADUserMon] => C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [147456 2002-09-24] (Iomega Corporation)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-73586283-2000478354-839522115-1003\...\Run: [Samsung Drive Manager] => C:\PROGRAM FILES\Clarus\SAMSUNG DRIVE MANAGER\DRIVE MANAGER.EXE [8135744 2013-12-18] (Clarus, Inc.)
HKU\S-1-5-21-73586283-2000478354-839522115-1003\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37056 2016-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-73586283-2000478354-839522115-1003\...\MountPoints2: {1e374d82-5db8-11de-a8d3-001302ac25b3} - H:\InstallTomTomHOME.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2008-09-14]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-09-14]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2015-06-26]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-73586283-2000478354-839522115-1003] => localhost:21320
AutoConfigURL: [S-1-5-21-73586283-2000478354-839522115-1003] => localhost:21320
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{414DDEF1-F943-4AB5-8A12-CD5A343A70E5}: [NameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-73586283-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
HKU\S-1-5-21-73586283-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope VWPT URL = hxxp://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel38w%26instid%3DViewpointV38w
SearchScopes: HKU\.DEFAULT -> VWPT URL = hxxp://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel38w%26instid%3DViewpointV38w
SearchScopes: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> DefaultScope {1D97782F-76A1-4C53-8519-D12D07CF4810} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=
SearchScopes: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> {1D97782F-76A1-4C53-8519-D12D07CF4810} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: No Name -> {A7327C09-B521-4EDB-8509-7D2660C9EC98} -> No File
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-12-08] (Google Inc.)
Toolbar: HKLM - No Name - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  No File
Toolbar: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {01113300-3E00-11D2-8470-0060089874ED} hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://192.168.0.100:1080/AVC_AX_742.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Declan\Application Data\Mozilla\Firefox\Profiles\w1wqs26p.default-1452886103687
FF Homepage: hxxp://www.bbc.co.uk/news
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2009-07-21] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-08-09] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-05] (Google)
FF Plugin: @pandasecurity.com/activescan -> C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll [2008-12-04] (Panda Security)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2008-04-04] (Viewpoint Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-04] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [451840 2009-05-05] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Iomega App Services; C:\Program Files\Iomega\System32\AppServices.exe [73728 2002-09-04] (Iomega Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-03] (HP) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2613200 2015-10-12] (Paramount Software UK Ltd)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation ) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 SZDrvSvc; C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [356352 2007-10-08] (Intel Corporation) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
R2 _IOMEGA_ACTIVE_DISK_SERVICE_; C:\Program Files\Iomega\AutoDisk\ADService.exe [151552 2002-09-24] (Iomega Corporation) [File not signed]
S4 AntiVirSchedulerService; "E:\Downloads - XPS\Aviara updates\update July 09\Avira\AntiVir Desktop\sched.exe" [X]
S4 AntiVirService; "E:\Downloads - XPS\Aviara updates\update July 09\Avira\AntiVir Desktop\avguard.exe" [X]
S4 Iomega Activity Disk2; "" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2008-09-13] (Cisco Systems, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [56816 2009-12-07] (Avira GmbH)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
R0 BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [14784 2015-03-30] (Glarysoft Ltd)
S3 camvid40; C:\WINDOWS\System32\DRIVERS\camdrv41.sys [1240576 2005-08-25] (Philips Consumer Electronics)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 EuDisk; C:\WINDOWS\System32\DRIVERS\EuDisk.sys [122504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17472 2015-12-30] (Glarysoft Ltd)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [102656 2008-12-30] (Huawei Technologies Co., Ltd.)
R0 iomdisk; C:\WINDOWS\System32\DRIVERS\iomdisk.sys [30258 2002-09-04] (Iomega Corporation) [File not signed]
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8224 2002-06-21] (MicroStaff Co.,Ltd.) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 mdf16; C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys [18864 2012-06-21] ()
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R3 mvd23; C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys [89008 2012-06-21] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [55288 2014-11-03] (NetFilterSDK.com)
S3 nuvaudio; C:\WINDOWS\System32\DRIVERS\nuvaudio.sys [21088 2001-02-28] (Zoran Ltd.) [File not signed]
S3 NUVision; C:\WINDOWS\System32\DRIVERS\nuvision.sys [151616 2001-02-28] (Zoran Ltd.) [File not signed]
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows ® Win 7 DDK provider)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [138384 2007-12-24] (Trend Micro Inc.)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [565248 2009-02-27] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [522880 2009-02-27] (eMPIA Technology, Inc.)
S3 usbsermpt; C:\WINDOWS\System32\DRIVERS\usbsermpt.sys [22768 2008-09-27] (Microsoft Corporation) [File not signed]
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [534024 2014-08-13] (Check Point Software Technologies Ltd.)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2016-01-22] (Microsoft Corporation)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 srescan; system32\ZoneLabs\srescan.sys [X]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-22 01:59 - 2016-02-22 02:00 - 00000000 ____D C:\Documents and Settings\Declan\Desktop\Farbar Recovery Scan Tool download 22-2-16
2016-02-20 01:55 - 2016-02-20 01:55 - 00000000 ____D C:\Documents and Settings\XPS ADMIN-2016\Start Menu\Programs\Unlocker
2016-02-19 22:07 - 2016-02-20 02:13 - 00000000 ____D C:\Program Files\Unlocker
2016-02-19 22:07 - 2016-02-19 22:07 - 00000000 ____D C:\Documents and Settings\Declan\Start Menu\Programs\Unlocker
2016-02-18 02:40 - 2016-02-18 02:40 - 00000000 ____D C:\Documents and Settings\Declan\Desktop\Avira Registry Cleaner  18-2-16
2016-02-18 02:30 - 2016-02-18 02:32 - 00000000 ____D C:\Documents and Settings\XPS ADMIN-2016\Desktop\Avira registry cleaner
2016-02-18 01:37 - 2016-02-18 02:03 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-18 01:37 - 2016-02-18 01:37 - 00000000 ____D C:\Documents and Settings\Administrator
2016-02-18 01:37 - 2016-02-03 05:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2016-02-18 01:37 - 2009-12-04 15:57 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2016-02-18 01:37 - 2008-09-13 23:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Intel
2016-02-18 01:37 - 2008-09-13 16:49 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents
2016-02-18 01:37 - 2008-09-13 16:49 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-18 01:37 - 2008-09-13 16:27 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2016-02-18 01:37 - 2008-09-13 16:27 - 00000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2016-02-18 00:28 - 2016-02-01 02:08 - 00704672 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\XPS ADMIN-2016\Desktop\Autoruns.exe
2016-02-18 00:23 - 2016-02-18 00:23 - 00000803 _____ C:\Documents and Settings\XPS ADMIN-2016\Start Menu\Programs\Internet Explorer.lnk
2016-02-18 00:23 - 2016-02-18 00:23 - 00000738 _____ C:\Documents and Settings\XPS ADMIN-2016\Start Menu\Programs\Outlook Express.lnk
2016-02-18 00:23 - 2016-02-18 00:23 - 00000000 ___RD C:\Documents and Settings\XPS ADMIN-2016\My Documents\My Pictures
2016-02-18 00:23 - 2016-02-18 00:23 - 00000000 ___RD C:\Documents and Settings\XPS ADMIN-2016\My Documents\My Music
2016-02-18 00:23 - 2016-02-18 00:23 - 00000000 ____D C:\Documents and Settings\XPS ADMIN-2016\Application Data\Active Disk
2016-02-18 00:22 - 2016-02-20 02:12 - 00000178 ___SH C:\Documents and Settings\XPS ADMIN-2016\ntuser.ini
2016-02-18 00:22 - 2016-02-20 01:54 - 00000000 ____D C:\Documents and Settings\XPS ADMIN-2016\Local Settings\Temp
2016-02-18 00:22 - 2016-02-18 00:23 - 00000788 _____ C:\Documents and Settings\XPS ADMIN-2016\Start Menu\Programs\Windows Media Player.lnk
2016-02-18 00:22 - 2016-02-18 00:23 - 00000000 ___RD C:\Documents and Settings\XPS ADMIN-2016\My Documents
2016-02-18 00:22 - 2016-02-18 00:22 - 00000000 ____D C:\Documents and Settings\XPS ADMIN-2016
2016-02-18 00:22 - 2016-02-03 05:40 - 00000000 ____D C:\Documents and Settings\XPS ADMIN-2016\Local Settings\Application Data\Temp
2016-02-18 00:22 - 2009-12-04 15:57 - 00000000 __SHD C:\Documents and Settings\XPS ADMIN-2016\IETldCache
2016-02-18 00:22 - 2008-09-13 23:12 - 00000000 ____D C:\Documents and Settings\XPS ADMIN-2016\Application Data\Intel
2016-02-18 00:22 - 2008-09-13 16:27 - 00001599 _____ C:\Documents and Settings\XPS ADMIN-2016\Start Menu\Programs\Remote Assistance.lnk
2016-02-15 14:32 - 2016-02-15 16:29 - 00000000 ____D C:\Documents and Settings\Declan\Desktop\Autoruns
2016-02-15 14:31 - 2016-02-14 04:00 - 00615478 _____ C:\Documents and Settings\Declan\Desktop\Autoruns.zip
2016-02-12 19:26 - 2016-02-12 20:41 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-12 19:26 - 2016-02-12 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-12 19:26 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-12 19:26 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-12 17:13 - 2016-02-22 02:00 - 00000000 ____D C:\FRST
2016-02-11 03:32 - 2016-02-14 20:09 - 00002465 _____ C:\Documents and Settings\All Users\Desktop\Sophos Virus Removal Tool.lnk
2016-02-11 03:32 - 2016-02-11 03:32 - 00000000 ____D C:\Program Files\Sophos
2016-02-11 03:32 - 2016-02-11 03:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
2016-02-11 02:15 - 2016-02-11 02:15 - 00000000 ____D C:\Program Files\Viewpoint
2016-02-11 02:15 - 2016-02-11 02:15 - 00000000 ____D C:\Program Files\Common Files\Viewpoint
2016-02-11 02:15 - 2016-02-11 02:15 - 00000000 ____D C:\Program Files\Check Point Software Technologies LTD
2016-02-11 02:15 - 2016-02-11 02:15 - 00000000 ____D C:\Documents and Settings\Declan\Local Settings\Application Data\Viewpoint
2016-02-11 02:15 - 2016-02-11 02:15 - 00000000 ____D C:\Documents and Settings\Declan\Application Data\Viewpoint
2016-02-11 02:15 - 2016-02-11 02:15 - 00000000 ____D C:\Documents and Settings\Declan\Application Data\Store
2016-02-11 02:15 - 2016-02-11 02:15 - 00000000 ____D C:\Documents and Settings\Declan\Application Data\Check Point Software Technologies LTD
2016-02-11 02:15 - 2016-02-11 02:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Viewpoint
2016-02-11 01:44 - 2016-02-03 01:14 - 00450796 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160211-014457.backup
2016-02-10 21:54 - 2016-02-11 02:15 - 00000000 ____D C:\AdwCleaner
2016-02-10 21:30 - 2016-02-11 02:16 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2016-02-10 21:29 - 2016-02-10 21:29 - 00000000 ____D C:\Documents and Settings\Declan\Local Settings\Application Data\Zemana
2016-02-10 21:10 - 2016-02-10 21:10 - 00043376 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-02-10 21:02 - 2016-02-10 21:02 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-10 21:02 - 2016-02-10 21:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2016-02-10 20:52 - 2016-02-10 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2016-02-10 19:11 - 2016-02-12 19:26 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-10 19:11 - 2016-02-10 19:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-02-10 18:43 - 2016-02-12 19:13 - 00004808 _____ C:\Documents and Settings\Declan\Desktop\Rkill.txt
2016-02-10 18:34 - 2016-02-10 18:40 - 00158480 _____ C:\TDSSKiller.3.1.0.9_10.02.2016_18.34.03_log.txt
2016-02-09 17:01 - 2016-02-11 02:17 - 00000000 ___HD C:\Documents and Settings\Declan\Recent(2)
2016-02-05 03:51 - 2016-02-18 00:01 - 00000000 ____D C:\Documents and Settings\Declan\Desktop\Desktop folder
2016-02-03 06:01 - 2016-02-11 02:40 - 00000000 ____D C:\Documents and Settings\Declan\Application Data\WinPatrol
2016-02-03 05:40 - 2016-02-03 05:40 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\Temp
2016-02-03 05:26 - 2016-02-03 05:26 - 00000000 ____D C:\Documents and Settings\Declan\My Documents\ProcAlyzer Dumps
2016-02-03 01:14 - 2016-01-16 19:23 - 00450796 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160203-011425.backup
2016-02-02 14:38 - 2016-02-01 02:16 - 00101568 _____ (Glarysoft Ltd) C:\WINDOWS\system32\BootDefrag.exe
2016-02-02 14:38 - 2015-03-30 05:59 - 00014784 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\BootDefragDriver.sys
2016-01-23 00:53 - 2016-01-23 01:21 - 00000000 ____D C:\Documents and Settings\Declan\My Documents\Reflect

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-22 02:00 - 2008-09-13 16:34 - 00000000 ____D C:\Documents and Settings\Declan\Local Settings\Temp
2016-02-22 01:05 - 2015-07-17 21:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-21 19:57 - 2010-03-25 16:31 - 00001804 _____ C:\WINDOWS\ModemLog_Standard Modem.txt
2016-02-21 19:57 - 2008-09-13 23:02 - 00004274 _____ C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2016-02-21 19:56 - 2015-12-30 20:00 - 00000322 _____ C:\WINDOWS\Tasks\GlaryInitialize 5.job
2016-02-21 19:55 - 2015-06-06 04:33 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-02-21 19:55 - 2008-09-13 16:23 - 00000000 ____D C:\WINDOWS\Registration
2016-02-21 19:54 - 2008-09-13 16:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-21 19:53 - 2008-10-07 12:30 - 00032594 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-21 19:53 - 2008-09-13 16:34 - 00000178 ___SH C:\Documents and Settings\Declan\ntuser.ini
2016-02-21 17:42 - 2008-09-14 01:04 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2016-02-21 04:06 - 2013-01-01 03:55 - 00000000 ____D C:\Documents and Settings\Declan\Application Data\vlc
2016-02-21 03:18 - 2004-08-10 11:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-20 02:45 - 2008-09-13 16:34 - 00000000 ____D C:\Documents and Settings\Declan
2016-02-20 01:46 - 2010-02-17 01:51 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2016-02-19 02:59 - 2008-09-13 16:33 - 00000000 ____D C:\WINDOWS\security
2016-02-19 02:53 - 2008-09-13 16:33 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-19 02:52 - 2008-09-13 16:33 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-02-18 02:04 - 2008-09-14 01:04 - 00000376 _____ C:\WINDOWS\ODBC.INI
2016-02-18 01:37 - 2008-09-13 16:48 - 00000000 ____D C:\Documents and Settings
2016-02-18 00:23 - 2004-08-10 11:00 - 00000860 _____ C:\WINDOWS\win.ini
2016-02-13 15:14 - 2015-12-30 20:00 - 00000000 ____D C:\Documents and Settings\Declan\Application Data\DiskDefrag
2016-02-12 20:45 - 2013-09-10 22:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 20:37 - 2008-09-14 07:47 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-12 20:35 - 2015-12-30 20:00 - 00000000 ____D C:\Program Files\Glary Utilities 5
2016-02-12 20:33 - 2012-11-28 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2016-02-12 15:45 - 2011-05-20 14:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-02-11 13:09 - 2009-12-08 00:42 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2016-02-11 08:48 - 2008-09-13 16:42 - 00000237 ___SH C:\boot.ini
2016-02-11 08:48 - 2004-08-10 11:00 - 00000227 _____ C:\WINDOWS\system.ini
2016-02-11 03:32 - 2009-09-25 15:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2016-02-11 02:24 - 2008-09-23 02:50 - 00000000 ____D C:\Documents and Settings\Fox
2016-02-11 02:24 - 2008-09-13 16:33 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-02-11 02:24 - 2008-09-13 16:32 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-02-11 02:18 - 2009-10-03 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CyberLink
2016-02-11 02:15 - 2012-11-27 23:35 - 00000000 ____D C:\Documents and Settings\Declan\Application Data\CheckPoint
2016-02-10 22:00 - 2014-03-28 02:14 - 00283682 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-02-10 20:40 - 2010-09-17 20:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2016-02-10 20:39 - 2014-03-28 02:14 - 01481816 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-2000478354-839522115-1003-0.dat
2016-02-09 02:24 - 2008-09-13 16:34 - 00000000 ___RD C:\Documents and Settings\Declan\My Documents
2016-02-08 19:00 - 2008-09-26 01:43 - 00000000 ___RD C:\Documents and Settings\Declan\My Documents\My Videos
2016-02-06 23:42 - 2015-12-16 01:29 - 00000000 ____D C:\Documents and Settings\Declan\Local Settings\Application Data\Clarus
2016-02-05 23:37 - 2008-09-13 22:33 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-02-04 21:03 - 2008-11-03 00:02 - 00004054 _____ C:\WINDOWS\ModemLog_Motorola USB Modem #3.txt
2016-02-03 00:33 - 2015-06-06 04:33 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-02-02 22:27 - 2015-12-31 14:31 - 00000000 ____D C:\Documents and Settings\Declan\.VirtualBox
2016-02-02 15:16 - 2016-01-01 00:52 - 00000000 ____D C:\Documents and Settings\Declan\Application Data\Spotify
2016-02-02 15:11 - 2016-01-01 00:53 - 00000000 ____D C:\Documents and Settings\Declan\Local Settings\Application Data\Spotify
2016-02-02 14:17 - 2015-12-30 20:00 - 00000761 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 5.lnk
2016-02-02 05:48 - 2012-05-16 20:31 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-02 05:48 - 2011-05-20 02:03 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-01-23 00:57 - 2008-09-13 16:33 - 00000000 ____D C:\WINDOWS\repair

==================== Files in the root of some directories =======

2015-12-20 15:52 - 2015-12-20 15:52 - 0000664 _____ () C:\Documents and Settings\Declan\Local Settings\Application Data\d3d9caps.dat
2008-09-14 20:30 - 2015-12-16 01:35 - 0145920 _____ () C:\Documents and Settings\Declan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-13 22:33 - 2008-09-13 22:33 - 0000129 _____ () C:\Documents and Settings\Declan\Local Settings\Application Data\fusioncache.dat
2008-09-14 07:02 - 2015-06-06 15:47 - 0006131 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Here are the Addition.txt results:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-02-2016 01
Ran by Declan (2016-02-22 02:01:32)
Running from C:\Documents and Settings\Declan\Desktop\Farbar Recovery Scan Tool download 22-2-16
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-09-13 16:31:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-73586283-2000478354-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-73586283-2000478354-839522115-1004 - Limited - Enabled)
Declan (S-1-5-21-73586283-2000478354-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Declan
Fox (S-1-5-21-73586283-2000478354-839522115-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Fox
Guest (S-1-5-21-73586283-2000478354-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-73586283-2000478354-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-73586283-2000478354-839522115-1002 - Limited - Disabled)
XPS ADMIN-2016 (S-1-5-21-73586283-2000478354-839522115-1038 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\XPS ADMIN-2016

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Enabled - Out of date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Active Disk (HKLM\...\Active Disk) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
aTube Catcher version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.05 - Avanquest Software)
BrainBooster (remove only) (HKLM\...\BrainBooster) (Version:  - )
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG4200 series User Registration (HKLM\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.10.47.3 - Dell Inc.)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
FBackup 4 (HKLM\...\FBackup 4_is1) (Version:  -  Softland)
FinePixViewer Ver.4.0 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version:  - )
FlipShare (HKLM\...\{838DC5B4-2614-A98F-346B-B3BE3BE07CE7}) (Version: 4.1.2.38015 - Flip Video)
Freeware PDF Unlocker (HKLM\...\{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}) (Version: 1.0.4 - SMTguru)
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
Glary Registry Repair 3.0 (HKLM\...\Glary Registry Repair_is1) (Version:  - GlarySoft.com)
Glary Utilities 5.44 (HKLM\...\Glary Utilities 5) (Version: 5.44.0.64 - Glarysoft Ltd)
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HouseCall 6.6 (HKLM\...\Trend Micro HouseCall 6.6) (Version: 6.6 - )
Huawei modem (HKLM\...\Huawei Modems) (Version:  - )
iDump (Backing up your iPod) (HKLM\...\iDump) (Version:  - Escsoft.com)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
IomegaWare 4.0.2 (HKLM\...\IomegaWare) (Version:  - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.1023 - Paramount Software (UK) Ltd.) Hidden
Macromedia Dreamweaver MX (HKLM\...\{8B4AB829-DFD3-436D-B808-D9733D76C590}) (Version: 6.0 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Macromedia Flash MX (HKLM\...\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}) (Version: 6 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
mCore (Version: 11.02.0000 - Intel Corporation) Hidden
mDriver (Version: 11.02.0000 - Intel) Hidden
mDrWiFi (Version: 11.02.0000 - Intel Corporation) Hidden
mHlpDell (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MicroStaff WINASPI NT (HKLM\...\MWASPINT) (Version:  - )
mIWA (Version: 11.02.0000 - Intel Corporation) Hidden
Mixer (HKLM\...\MIXERLITE) (Version:  - )
mLogView (Version: 11.02.0000 - Intel Corporation) Hidden
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
MobTime Cell Phone Manager V6.6.5 (HKLM\...\MobTime Cell Phone Manager_is1) (Version:  - Singularity Software Ltd.)
Morpheus Photo Morpher v3.10 (HKLM\...\Morpheus Photo Morpher_is1) (Version:  - Morpheus Software, LLC)
Motorola Phone Tools (HKLM\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.1.2a 02-8-2006 - Avanquest Software)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
mPfWiz (Version: 11.02.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 11.02.0000 - Intel Corporation) Hidden
mSSO (Version: 11.02.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 11.02.0000 - Intel Corporation) Hidden
mZConfig (Version: 11.02.0000 - Intel Corporation) Hidden
NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
NirSoft VideoCacheView (HKLM\...\NirSoft VideoCacheView) (Version:  - )
Oracle VM VirtualBox 5.0.12 (HKLM\...\{03909F3B-0C1A-47EE-8D07-14BB4423604A}) (Version: 5.0.12 - Oracle Corporation)
Philips SPC 900NC PC Camera (HKLM\...\{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}) (Version:  - )
PhotoNow! 1.0 (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 3.0.4004 - CyberLink Corporation)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version:  - )
PlayerLiteHJ 1.0.2.2.LHJ (HKLM\...\{B435433C-110A-4853-843A-7BD1EE59624E}_is1) (Version: 1.0.2.2.LHJ - AVTECH)
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version:  - )
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
Professor Answers (HKLM\...\Professor Answers) (Version:  - Individual Software, Inc.)
Professor Teaches PowerPoint 2007 (HKLM\...\Professor Teaches PowerPoint 2007) (Version: 1.0 - Individual Software, Inc.)
RAW FILE CONVERTER LE (HKLM\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Drive Manager (HKLM\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.2.00.09190 - Sony Corporation)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Sound Blaster Audigy ADVANCED MB Demo (HKLM\...\CTMBDemo_Audigy) (Version:  - )
Spotify (HKU\S-1-5-21-73586283-2000478354-839522115-1003\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.4 (HKLM\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
TCDIT-1.0 (HKLM\...\TCDIT-1.0) (Version: 1.0.4.0 - Swinburne University Of Technology)
Test and Improve your Memory (HKLM\...\Test and Improve your Memory) (Version: 1.0 - SBT)
TypingMaster TypingTest (HKLM\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB874}_is1) (Version: 6.30 - TypingMaster Inc)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Video Viewer (HKLM\...\Video Viewer) (Version: 0.1.7.4 - )
Viewpoint Manager (Remove Only) (HKLM\...\Viewpoint Manager) (Version:  - )
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
What's Running 2.2 (HKLM\...\What's Running_is1) (Version: 2.2 - WhatsRunning.net)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
ZoneAlarm Firewall (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-73586283-2000478354-839522115-1003\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Critical Battery Alarm Program.job => Fj Declan
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-10-08 13:03 - 2007-10-08 13:03 - 00245760 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2008-09-14 04:57 - 2005-12-19 08:08 - 00018944 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2008-09-14 04:57 - 2005-12-19 08:08 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2004-08-10 11:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 11:00 - 2013-01-02 06:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 11:00 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 11:00 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-06-06 04:32 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-06 04:32 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-06 04:32 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-06 04:32 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-06 04:32 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-07-04 21:32 - 2010-07-04 21:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 21:32 - 2010-07-04 21:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2004-08-10 11:00 - 2008-03-25 04:50 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2002-07-16 11:56 - 2002-07-16 09:55 - 00081920 _____ () C:\Program Files\Iomega\Common\IoATLDrv.dll
2010-07-04 19:51 - 2010-07-04 19:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7867 more sites.

IE trusted site: HKU\S-1-5-21-73586283-2000478354-839522115-1003\...\mailonsunday.co.uk -> hxxps://www.mailonsunday.co.uk
IE trusted site: HKU\S-1-5-21-73586283-2000478354-839522115-1003\...\microsoft.com -> hxxps://*.update.microsoft.com
IE trusted site: HKU\S-1-5-21-73586283-2000478354-839522115-1003\...\windowsupdate.com -> hxxps://download.windowsupdate.com

There are 12686 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 11:00 - 2016-02-11 01:44 - 00450927 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost

There are 15469 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-73586283-2000478354-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Declan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: Media is not connected to internet.
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: kdx =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ZoneLabs\vsmon.exe] => Enabled:vsmon
StandardProfile\AuthorizedApplications: [C:\Program Files\NetWorx\networx.exe] => Enabled:SoftPerfect NetWorx
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007

==================== Restore Points =========================

02-02-2016 13:20:38 System Checkpoint
03-02-2016 16:00:58 System Checkpoint
05-02-2016 04:32:46 System Checkpoint
08-02-2016 15:42:56 System Checkpoint
10-02-2016 19:46:18 System Checkpoint
10-02-2016 21:18:33 Checkpoint by HitmanPro
10-02-2016 21:26:09 Checkpoint by HitmanPro
11-02-2016 01:39:03 Revo Uninstaller's restore point - WinPatrol 2009
11-02-2016 02:14:55 Restore Operation
11-02-2016 02:38:11 Revo Uninstaller's restore point - WinPatrol 2009
11-02-2016 02:58:16 avast! antivirus system restore point
11-02-2016 03:32:03 Installed Sophos Virus Removal Tool.
12-02-2016 19:43:48 System Checkpoint
12-02-2016 20:37:13 Software Distribution Service 3.0
14-02-2016 04:03:23 System Checkpoint
15-02-2016 14:09:18 System Checkpoint
17-02-2016 17:11:08 System Checkpoint
21-02-2016 21:02:35 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Intel® PRO/Wireless 3945ABG Network Connection
Description: Intel® PRO/Wireless 3945ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: NETw4x32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2016 07:32:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (02/21/2016 07:32:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x016c0fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/20/2016 12:30:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01680fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/19/2016 10:27:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01620fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/19/2016 02:56:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (02/19/2016 02:55:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02220fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/17/2016 05:02:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00d80fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/16/2016 02:31:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (02/14/2016 03:44:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00d80fef.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/13/2016 05:23:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]


System errors:
=============
Error: (02/21/2016 11:40:23 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Error: (02/21/2016 11:40:23 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 240
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/21/2016 10:41:28 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (02/21/2016 09:40:23 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (02/21/2016 09:40:23 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 120
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/21/2016 08:40:23 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (02/21/2016 08:40:23 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/21/2016 08:10:23 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (02/21/2016 08:10:23 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/21/2016 07:57:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of memory in use: 22%
Total physical RAM: 3318.12 MB
Available physical RAM: 2568.38 MB
Total Virtual: 5202.07 MB
Available Virtual: 4555.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:10.44 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (New Volume) (Fixed) (Total:62.96 GB) (Free:54.67 GB) NTFS
Drive l: (New Volume) (Fixed) (Total:63.07 GB) (Free:62.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 002C002C)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=63 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=63.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=58 GB) - (Type=05)

==================== End of Addition.txt ============================


I have not done anything yet with FRST; as recommended, I will wait until instructed.

I apologise for the length of this post!

Many thanks


 




 


#2 John836


Posted 22 February 2016 - 08:39 PM

Please note the above post has been posted twice by error. It has also been posted on this link: http://www.bleepingcomputer.com/forums/t/606165/unable-to-remove-rougue-antivir/

 

When I tried to post my query, it kept coming up with a 'Timed out' 'Error 524' page showing 'Bleeping computer / Host / Error', so I closed my browser, cleared the cache, and tried again. I still got the same message that I had been 'timed out' with the error 524; it was only when I was trying to see if other pages on Bleeping Computer were working that I noticed my posts had been posted in the 'Recent Topics' at the top right side of the 'Forums' page.

 

Could one of the posts be removed in case two people start working on the same post/query from the different links?

 

Thanks

 

Mod edit: Done. There were actually 5 posts, the hangs that look like your post hasn't gone through happen sometimes, not a problem.


Edited by Platypus, 22 February 2016 - 08:41 PM.


#3 John836


Posted 22 February 2016 - 09:13 PM

wow!...I'm glad you picked up on that...thanks Platypus



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:52 PM

Posted 27 February 2016 - 08:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/606169 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:52 PM

Posted 27 February 2016 - 08:15 PM

Greetings John836 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ProxyServer: [S-1-5-21-73586283-2000478354-839522115-1003] => localhost:21320
AutoConfigURL: [S-1-5-21-73586283-2000478354-839522115-1003] => localhost:21320
SearchScopes: HKLM -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope VWPT URL = hxxp://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel38w%26instid%3DViewpointV38w
SearchScopes: HKU\.DEFAULT -> VWPT URL = hxxp://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel38w%26instid%3DViewpointV38w
SearchScopes: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
BHO: No Name -> {A7327C09-B521-4EDB-8509-7D2660C9EC98} -> No File
Toolbar: HKLM - No Name - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  No File
Toolbar: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://192.168.0.100:1080/AVC_AX_742.cab
S4 AntiVirSchedulerService; "E:\Downloads - XPS\Aviara updates\update July 09\Avira\AntiVir Desktop\sched.exe" [X]
S4 AntiVirService; "E:\Downloads - XPS\Aviara updates\update July 09\Avira\AntiVir Desktop\avguard.exe" [X]
S4 Iomega Activity Disk2; "" [X]
S4 IntelIde; no ImagePath
S0 srescan; system32\ZoneLabs\srescan.sys [X]
U1 WS2IFSL; no ImagePath
AV: AntiVir Desktop (Enabled - Out of date) {AD166499-45F9-482A-A743-FDD3350758C7}
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Upd
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 John836


Posted 28 February 2016 - 08:13 PM

Hi Gary, thanks for taking the time to help me…my name is John (the ‘Declan’ you see in the laptop is used for identifying the laptop for wireless printing etc).

 

I have followed your instructions and run FRST, here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Declan (2016-02-29 00:31:22) Run:1
Running from C:\Documents and Settings\Declan\Desktop
Loaded Profiles: Declan (Available Profiles: Declan & Fox & XPS ADMIN-2016 & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ProxyServer: [S-1-5-21-73586283-2000478354-839522115-1003] => localhost:21320
AutoConfigURL: [S-1-5-21-73586283-2000478354-839522115-1003] => localhost:21320
SearchScopes: HKLM -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope VWPT URL = hxxp://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel38w%26instid%3DViewpointV38w
SearchScopes: HKU\.DEFAULT -> VWPT URL = hxxp://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel38w%26instid%3DViewpointV38w
SearchScopes: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
BHO: No Name -> {A7327C09-B521-4EDB-8509-7D2660C9EC98} -> No File
Toolbar: HKLM - No Name - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  No File
Toolbar: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-73586283-2000478354-839522115-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://192.168.0.100:1080/AVC_AX_742.cab
S4 AntiVirSchedulerService; "E:\Downloads - XPS\Aviara updates\update July 09\Avira\AntiVir Desktop\sched.exe" [X]
S4 AntiVirService; "E:\Downloads - XPS\Aviara updates\update July 09\Avira\AntiVir Desktop\avguard.exe" [X]
S4 Iomega Activity Disk2; "" [X]
S4 IntelIde; no ImagePath
S0 srescan; system32\ZoneLabs\srescan.sys [X]
U1 WS2IFSL; no ImagePath
AV: AntiVir Desktop (Enabled - Out of date) {AD166499-45F9-482A-A743-FDD3350758C7}
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Upd
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-73586283-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-73586283-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\VWPT" => key removed successfully.
HKCR\CLSID\VWPT => key not found.
"HKU\S-1-5-21-73586283-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully.
"HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}" => key removed successfully.
HKCR\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} => value removed successfully.
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} => value removed successfully.
HKCR\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98} => key not found.
HKU\S-1-5-21-73586283-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
HKU\S-1-5-21-73586283-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value removed successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{971FC730-55F1-461F-83FD-B3BF5E1F039E}" => key removed successfully.
"HKCR\CLSID\{971FC730-55F1-461F-83FD-B3BF5E1F039E}" => key removed successfully.
AntiVirSchedulerService => service could not remove
AntiVirService => service could not remove
Iomega Activity Disk2 => service removed successfully.
IntelIde => service removed successfully.
srescan => service removed successfully.
WS2IFSL => service removed successfully.
AV: AntiVir Desktop (Enabled - Out of date) {AD166499-45F9-482A-A743-FDD3350758C7} => removed successfully.
C:\WINDOWS\Tasks\Google Software Updater.job => moved successfully


The system needed a reboot.

==== End of Fixlog 00:31:47 ====

 

After fully rebooting, I followed the instructions to get a System Summary file (via Run), but msinfo32 didn't start up/nothing was generated - I tried a few times, but no luck. I have not tried anything else as instructed, and will wait until you let me know what I need to do to obtain the System Summary file.

 

Thanks again, John



#7 Oh My!


Posted 28 February 2016 - 09:06 PM

Thanks, don't worry about the System Summary report.

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook for 64 bit or 32 bit systems and save it to your Desktop.
  • Right click on SystemLook.exe and select Run As Administrator (Windows XP simply double click)
  • Copy the content of the following codebox into the main textfield:
:regfind
AntiVirSchedulerService
AntiVirService
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Copy and paste the contents of the report in your reply or, if necessary, zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook report

Gary
 

#8 John836


Posted 28 February 2016 - 09:44 PM

Hi Gary, I have done as recommended – here are the SystemLook results:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 02:19 on 29/02/2016 by Declan
Administrator - Elevation successful

========== regfind ==========

Searching for "AntiVirSchedulerService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE\0000]
"Service"="AntiVirSchedulerService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirSchedulerService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE\0000]
"Service"="AntiVirSchedulerService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE\0000]
"Service"="AntiVirSchedulerService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService\Enum]
"0"="Root\LEGACY_ANTIVIRSCHEDULERSERVICE\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE\0000]
"Service"="AntiVirSchedulerService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService\Enum]
"0"="Root\LEGACY_ANTIVIRSCHEDULERSERVICE\0000"

Searching for "AntiVirService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE\0000]
"Service"="AntiVirService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE\0000]
"Service"="AntiVirService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE\0000]
"Service"="AntiVirService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService\Enum]
"0"="Root\LEGACY_ANTIVIRSERVICE\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE\0000]
"Service"="AntiVirService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService\Enum]
"0"="Root\LEGACY_ANTIVIRSERVICE\0000"

-= EOF =-

 

Just an additional update to the previous...I tried to see if I could get it (System Summary) via: Start -> Programs -> Accessories -> System Tools -> System Information…but no luck again.

 

Then did a Google on how to access the info from another method…interestingly I learned a new way by running ‘dxdiag’ from run – I have compressed the file generated, and attached.

 

Curiously…or should I say worryingly, I went to System Information via: Start -> Computer -> Manage…then clicked on Services in the Computer Management dialog screen, and for the first time ever, there is nothing there. I have also attached a copy of a print-screen taken.

 

Thanks, John



Edited by John836, 28 February 2016 - 09:46 PM.


#9 Oh My!


Posted 28 February 2016 - 10:00 PM

Thank you, let's work on this first.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Boot into Safe Mode
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 

#10 John836


Posted 28 February 2016 - 10:11 PM

OK, have run FRST with the new fixlist - here are the scan results:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Declan (2016-02-29 03:07:55) Run:2
Running from C:\Documents and Settings\Declan\Desktop
Loaded Profiles: Declan (Available Profiles: Declan & Fox & XPS ADMIN-2016 & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService"
*****************


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirSchedulerService" =========


Permanently delete the registry key SYSTEM\ControlSet001\Services\AntiVirSchedulerService (Y/N)?
The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService" =========


Permanently delete the registry key SYSTEM\ControlSet002\Services\AntiVirSchedulerService (Y/N)?
The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService" =========


Permanently delete the registry key SYSTEM\ControlSet003\Services\AntiVirSchedulerService (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE" =========


Permanently delete the registry key SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService" =========


Permanently delete the registry key SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService" =========


Permanently delete the registry key SYSTEM\ControlSet001\Services\AntiVirService (Y/N)?
The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService" =========


Permanently delete the registry key SYSTEM\ControlSet002\Services\AntiVirService (Y/N)?
The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService" =========


Permanently delete the registry key SYSTEM\ControlSet003\Services\AntiVirService (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE" =========


Permanently delete the registry key SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService" =========


Permanently delete the registry key SYSTEM\CurrentControlSet\Services\AntiVirService (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


==== End of Fixlog 03:07:57 ====

 

Thanks, John



#11 John836


Posted 28 February 2016 - 10:23 PM

Sorry Gary, I forgot to run it in Safe Mode..doing it now....



#12 Oh My!


Posted 28 February 2016 - 10:33 PM

Thanks John, those registry keys don't want to cooperate. Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService
  • Check the Delete Keys/Values including Locked/Null embedded radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniRegTool report

Gary
 

#13 John836


Posted 28 February 2016 - 10:39 PM

Sorry Gary, before I run the MiniRegTool (in case running the FRST/fixlist in Safe Mode solves the problem) I've run FRST again (as I should have done before); these are the scan results after running in Safe Mode:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Declan (2016-02-29 03:27:16) Run:3
Running from C:\Documents and Settings\Declan\Desktop
Loaded Profiles: Declan (Available Profiles: Declan & Fox & XPS ADMIN-2016 & Administrator)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService"
*****************


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirSchedulerService" =========


Permanently delete the registry key SYSTEM\ControlSet001\Services\AntiVirSchedulerService (Y/N)?
Error:  The system was unable to find the specified registry key or value


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService" =========


Permanently delete the registry key SYSTEM\ControlSet002\Services\AntiVirSchedulerService (Y/N)?
Error:  The system was unable to find the specified registry key or value


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService" =========


Permanently delete the registry key SYSTEM\ControlSet003\Services\AntiVirSchedulerService (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE" =========


Permanently delete the registry key SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSCHEDULERSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService" =========


Permanently delete the registry key SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService" =========


Permanently delete the registry key SYSTEM\ControlSet001\Services\AntiVirService (Y/N)?
Error:  The system was unable to find the specified registry key or value


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet002\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService" =========


Permanently delete the registry key SYSTEM\ControlSet002\Services\AntiVirService (Y/N)?
Error:  The system was unable to find the specified registry key or value


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE" =========


Permanently delete the registry key SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService" =========


Permanently delete the registry key SYSTEM\ControlSet003\Services\AntiVirService (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE" =========


Permanently delete the registry key SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService" =========


Permanently delete the registry key SYSTEM\CurrentControlSet\Services\AntiVirService (Y/N)?
Error:  Access is denied.


========= End of Reg: =========


==== End of Fixlog 03:27:17 ====

 

Should I run the MiniRegTool now?...
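
The two Reg: Fixlogs posted above (Run:2 in Normal mode, Run:3 in Safe Mode) can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code: it reads each Fixlog's boot mode and per-key reg delete outcome and reports which keys are still locked after both runs. The function names are hypothetical, and the embedded logs are constructed excerpts shortened to three keys per run.

```python
import re

# Constructed sample: shortened excerpts in the shape of the Run:2 and Run:3
# Fixlogs posted in this thread (three keys each; the real logs list sixteen).
RUN2_LOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Declan (2016-02-29 03:07:55) Run:2
Boot Mode: Normal
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE" =========
Permanently delete the registry key SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService" =========
Permanently delete the registry key SYSTEM\ControlSet001\Services\AntiVirService (Y/N)?
The operation completed successfully
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService" =========
Permanently delete the registry key SYSTEM\CurrentControlSet\Services\AntiVirService (Y/N)?
Error:  Access is denied.
========= End of Reg: =========
'''
RUN3_LOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Declan (2016-02-29 03:27:16) Run:3
Boot Mode: Safe Mode (minimal)
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE" =========
Permanently delete the registry key SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIVIRSERVICE (Y/N)?
Error:  Access is denied.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService" =========
Permanently delete the registry key SYSTEM\ControlSet001\Services\AntiVirService (Y/N)?
Error:  The system was unable to find the specified registry key or value
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService" =========
Permanently delete the registry key SYSTEM\CurrentControlSet\Services\AntiVirService (Y/N)?
Error:  Access is denied.
========= End of Reg: =========
'''

HEADER = re.compile(r'^=+ reg delete "(?P<key>[^"]+)" =+$')
RUN_NO = re.compile(r'\bRun:(\d+)')
# Result text as it appears in these logs, mapped to a normalized outcome.
MARKERS = (
    ("completed successfully", "deleted"),
    ("Access is denied", "access_denied"),
    ("unable to find the specified registry key", "not_found"),
)

def parse_fixlog(text):
    """Return run number, boot mode and the outcome of every Reg: section."""
    log = {"run": None, "boot_mode": None, "results": {}}
    current = None  # key of the Reg: section currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Ran by"):
            m = RUN_NO.search(line)
            log["run"] = int(m.group(1)) if m else None
        elif line.startswith("Boot Mode:"):
            log["boot_mode"] = line.split(":", 1)[1].strip()
        elif "End of Reg:" in line:
            current = None
        elif (m := HEADER.match(line)):
            current = m.group("key")
            log["results"][current] = "no_result"
        elif current:
            for marker, outcome in MARKERS:
                if marker in line:
                    log["results"][current] = outcome
    return log

def ran_in_safe_mode(log):
    """True when the Fixlog header shows the fix ran in Safe Mode."""
    return (log["boot_mode"] or "").startswith("Safe Mode")

def triage(logs):
    """Fold several runs (sorted oldest first) into one final state per key."""
    state = {}
    for log in sorted(logs, key=lambda entry: entry["run"] or 0):
        for key, outcome in log["results"].items():
            if outcome == "deleted":
                state[key] = "removed"
            elif outcome == "access_denied":
                state[key] = "locked"
            elif outcome == "not_found":
                # Not found after an earlier delete confirms the removal.
                state[key] = "removed" if state.get(key) == "removed" else "absent"
            else:
                state[key] = "unknown"
    return state

def locked_keys(state):
    """Keys that still refuse deletion and need a tool that handles locked keys."""
    return [key for key, status in state.items() if status == "locked"]

if __name__ == "__main__":
    runs = [parse_fixlog(RUN2_LOG), parse_fixlog(RUN3_LOG)]
    print([(r["run"], r["boot_mode"], ran_in_safe_mode(r)) for r in runs])
    print(locked_keys(triage(runs)))
```

In the thread's full logs the keys under ControlSet003 and CurrentControlSet report identical outcomes, which is consistent with CurrentControlSet being a link to the active numbered control set.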



#14 Oh My!


Posted 28 February 2016 - 10:40 PM

Yes please run MiniRegTool.
Gary
 

#15 John836


Posted 28 February 2016 - 10:43 PM

Should I run it in Safe or Normal mode, Gary?





