
windows components suddenly missing after popups but all scans clean (XP)


25 replies to this topic

#1 meeshemee

meeshemee

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 AM

Posted 02 April 2017 - 09:41 PM

This past week my Windows Media Player went missing. I added it back via the installation CD. Today my volume is missing from the taskbar. When I tried to click the button to add it to the taskbar, it says I cannot because it is not installed (my audio was fine 15 mins ago).

My Malwarebytes scans (Malwarebytes, AdwCleaner and Malwarebytes Anti-Rootkit) have ALL always been clean, but ESET constantly says 5 results (win32 computrace); regardless of how many times I 'clean' them, the scan is the same each time. I have ad blockers activated, but this week for some reason there were tons of ads popping up and links redirected (though my blockers say they stopped it), and it's since then that things are going missing.

(For the past few months my Avast Free has been saying that there is a virus in System Volume Information (BAK files)/system restore files, but someone on Bleeping ran me through a dozen tests and scans and he said that he didn't see why it would be saying that (it says it after turning System Restore on and off a dozen times with no change). It has never been solved, but the computer ran fine regardless until now, and I stopped running Avast scans.)

I'm not skilled at finding where on the driver CD my audio is so that I can replace it.

Thanks - log below:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Meesh (administrator) on MEESH (02-04-2017 22:26:38)
Running from C:\Documents and Settings\Michelle\Desktop
Loaded Profiles: Meesh (Available Profiles: Meesh & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Flux Software LLC) C:\Documents and Settings\Michelle\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2220032 2008-10-24] (Dell Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [729088 2009-02-20] (Andrea Electronics Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-03-30] (AVAST Software)
HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-30] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Flux.lnk [2014-04-25]
ShortcutTarget: Flux.lnk -> C:\Documents and Settings\Michelle\Local Settings\Application Data\FluxSoftware\Flux\flux.exe (Flux Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.197.128.2 209.197.128.5
Tcpip\..\Interfaces\{DBBE1544-E486-4338-93FA-79A615A21BC7}: [DhcpNameServer] 209.197.128.2 209.197.128.5

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-602162358-706699826-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-602162358-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-602162358-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\S-1-5-21-602162358-706699826-1801674531-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468 [2017-04-02]
FF Extension: (Disconnect) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\2.0@disconnect.me.xpi [2017-03-31]
FF Extension: (Adguard AdBlocker) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\adguardadblocker@adguard.com.xpi [2017-03-31]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-03-31]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-31]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Program Files\Mozilla Firefox\browser\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)

Chrome:
=======
CHR Profile: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-14]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-03-10]
CHR Extension: (YouTube) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-14]
CHR Extension: (Disconnect) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2017-04-01]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Asset Management Daemon; C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [114688 2008-02-13] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-03-29] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-03-30] (AVAST Software)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [139632 2012-09-26] (Portrait Displays, Inc.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S4 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72224 2009-01-08] (O2Micro International)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [123248 2012-09-18] (Portrait Displays, Inc.)
R2 rpcnet; C:\WINDOWS\system32\rpcnet.exe [78032 2017-01-24] (Absolute Software Corp.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1961984 2008-10-24] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [112512 2009-02-20] (Andrea Electronics Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255184 2017-03-29] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [148208 2017-03-29] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [267528 2017-03-29] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [41176 2017-03-29] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-03-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [106904 2017-03-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60760 2017-03-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-03-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [764064 2017-03-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [472760 2017-03-30] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184208 2017-03-30] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-07-04] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [279800 2017-03-30] (AVAST Software)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2008-10-24] (Broadcom Corporation)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-04-01] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-03-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-04-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220088 2017-04-02] (Malwarebytes)
R3 O2MDGRDR; C:\WINDOWS\System32\DRIVERS\o2mdg.sys [51616 2009-01-08] (O2Micro )
R3 O2SDGRDR; C:\WINDOWS\System32\DRIVERS\o2sdg.sys [41760 2009-01-08] (O2Micro )
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17136 2010-05-14] (Portrait Displays, Inc.)
S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.) [File not signed]
S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1548339 2009-02-20] (IDT, Inc.)
S3 catchme; \??\C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-02 22:26 - 2017-04-02 22:27 - 00011975 _____ C:\Documents and Settings\Michelle\Desktop\FRST.txt
2017-04-02 22:25 - 2017-04-02 22:26 - 00000000 ___DC C:\FRST
2017-04-02 22:25 - 2017-04-02 22:25 - 01766912 _____ (Farbar) C:\Documents and Settings\Michelle\Desktop\FRST.exe
2017-04-02 21:48 - 2017-04-02 21:58 - 00001891 _____ C:\WINDOWS\imsins.BAK
2017-04-02 21:34 - 2017-04-02 21:34 - 00000000 ____D C:\WINDOWS\system32\vmm32
2017-04-02 17:15 - 2017-04-02 21:26 - 00003040 _____ C:\Documents and Settings\Michelle\Desktop\Rkill.txt
2017-04-02 13:47 - 2017-04-02 16:21 - 00128306 _____ C:\WINDOWS\ntbtlog.txt
2017-04-01 23:24 - 2017-04-01 23:24 - 00001373 _____ C:\Documents and Settings\Michelle\Desktop\cmd.exe.lnk
2017-04-01 23:11 - 2017-04-01 23:11 - 00000000 _____ C:\Documents and Settings\Michelle\Desktop\sfcdetails.txt
2017-04-01 23:10 - 2003-03-24 16:52 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET11E0.tmp
2017-04-01 23:10 - 2003-03-24 16:52 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET11D7.tmp
2017-04-01 23:08 - 2001-08-17 22:36 - 00023040 ____C (Xerox Corporation) C:\WINDOWS\system32\dllcache\SET11BE.tmp
2017-04-01 23:07 - 2001-08-17 22:37 - 00099865 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\SET11B0.tmp
2017-04-01 23:07 - 2001-08-17 22:37 - 00027648 ____C () C:\WINDOWS\system32\dllcache\SET11B6.tmp
2017-04-01 23:07 - 2001-08-17 22:37 - 00004608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET11B3.tmp
2017-04-01 23:06 - 2001-08-17 22:36 - 00087040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET1164.tmp
2017-04-01 23:04 - 2008-04-14 05:42 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET10CC.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET1085.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00050688 ____C (UMAX DATA SYSTEMS INC.) C:\WINDOWS\system32\dllcache\SET1077.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00050176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET1070.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET106D.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET107E.tmp
2017-04-01 23:02 - 2001-08-17 22:36 - 00031744 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\SET102B.tmp
2017-04-01 23:02 - 2001-08-17 22:35 - 00042496 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\SET1032.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00094293 ____C (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\SETFC5.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETFB4.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00053248 ____C (Stallion Technologies) C:\WINDOWS\system32\dllcache\SETFA2.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETFBA.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETFB7.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00114688 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\SETF69.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00106584 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\SETF77.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00099328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETF88.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00024660 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\SETF81.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETF50.tmp
2017-04-01 23:00 - 2001-08-17 12:51 - 00037040 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\SETF6C.tmp
2017-04-01 23:00 - 2001-08-17 12:51 - 00020752 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\SETF65.tmp
2017-04-01 22:59 - 2008-04-14 05:42 - 00286792 ____C (Smart Link) C:\WINDOWS\system32\dllcache\SETEA3.tmp
2017-04-01 22:59 - 2008-04-14 05:42 - 00032866 ____C (Smart Link) C:\WINDOWS\system32\dllcache\SETEBA.tmp
2017-04-01 22:59 - 2001-08-17 22:36 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEF3.tmp
2017-04-01 22:59 - 2001-08-17 22:36 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEE9.tmp
2017-04-01 22:59 - 2001-08-17 22:36 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEDD.tmp
2017-04-01 22:59 - 2001-08-17 22:36 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETF2C.tmp
2017-04-01 22:58 - 2008-04-13 22:05 - 00032768 ____C (SiS Corporation) C:\WINDOWS\system32\dllcache\SETE88.tmp
2017-04-01 22:58 - 2001-08-17 22:36 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETE3D.tmp
2017-04-01 22:57 - 2001-08-17 22:36 - 00082432 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\SETDD4.tmp
2017-04-01 22:56 - 2008-04-14 05:42 - 00027648 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\SETDC4.tmp
2017-04-01 22:56 - 2001-08-17 22:36 - 00079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\SETDD1.tmp
2017-04-01 22:56 - 2001-08-17 22:36 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD84.tmp
2017-04-01 22:56 - 2001-08-17 22:36 - 00009216 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\SETDA6.tmp
2017-04-01 22:55 - 2001-08-17 22:36 - 00041472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD6A.tmp
2017-04-01 22:54 - 2008-04-14 05:42 - 00363520 ____C C:\WINDOWS\system32\dllcache\SETD24.tmp
2017-04-01 22:54 - 2001-08-17 22:37 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETCD3.tmp
2017-04-01 22:54 - 2001-08-17 22:36 - 00121344 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETCEC.tmp
2017-04-01 22:54 - 2001-08-17 22:36 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD27.tmp
2017-04-01 22:54 - 2001-08-17 22:36 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETCD6.tmp
2017-04-01 22:53 - 2001-08-17 22:36 - 00116736 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETC64.tmp
2017-04-01 22:53 - 2001-08-17 22:36 - 00086016 ____C (PCtel, Inc.) C:\WINDOWS\system32\dllcache\SETCAF.tmp
2017-04-01 22:52 - 2001-08-17 22:36 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETC26.tmp
2017-04-01 22:50 - 2001-08-17 22:36 - 00019968 ____C (Moxa Technologies Co., Ltd) C:\WINDOWS\system32\dllcache\SETBB0.tmp
2017-04-01 22:49 - 2001-08-17 22:36 - 00047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETB23.tmp
2017-04-01 22:48 - 2001-08-17 22:36 - 00065536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETB0D.tmp
2017-04-01 22:48 - 2001-08-17 22:36 - 00058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETB03.tmp
2017-04-01 22:47 - 2008-04-14 05:42 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETAA6.tmp
2017-04-01 22:47 - 2008-04-14 05:41 - 00048640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETA8E.tmp
2017-04-01 22:46 - 2008-04-14 05:41 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET9EB.tmp
2017-04-01 22:46 - 2001-08-17 22:36 - 00090200 ____C (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\SET9CC.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00372824 ____C (Xircom) C:\WINDOWS\system32\dllcache\SET93F.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET92A.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET92D.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET934.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET927.tmp
2017-04-01 22:44 - 2008-04-14 05:41 - 00032285 ____C (Conexant Systems, Inc.) C:\WINDOWS\system32\dllcache\SET8D6.tmp
2017-04-01 22:44 - 2001-08-17 22:34 - 00009216 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\SET914.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET886.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00165888 ____C () C:\WINDOWS\system32\dllcache\SET877.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00126976 ____C (Hewlett Packard) C:\WINDOWS\system32\dllcache\SET86E.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET861.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00101376 ____C () C:\WINDOWS\system32\dllcache\SET86B.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00093696 ____C () C:\WINDOWS\system32\dllcache\SET871.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00089088 ____C () C:\WINDOWS\system32\dllcache\SET864.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00083968 ____C () C:\WINDOWS\system32\dllcache\SET85E.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00068608 ____C (Avisioin) C:\WINDOWS\system32\dllcache\SET87A.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00031232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET874.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET890.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET889.tmp
2017-04-01 22:42 - 2003-03-24 16:52 - 00094208 ____C C:\WINDOWS\system32\dllcache\SET7A4.tmp
2017-04-01 22:42 - 2001-08-17 22:36 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET7C2.tmp
2017-04-01 22:41 - 2001-08-17 22:36 - 00071680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET78D.tmp
2017-04-01 22:41 - 2001-08-17 22:36 - 00051200 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\SET70C.tmp
2017-04-01 22:41 - 2001-08-17 22:36 - 00045568 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\SET748.tmp
2017-04-01 22:41 - 2001-08-17 22:36 - 00034816 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\SET73E.tmp
2017-04-01 22:40 - 2001-08-17 13:28 - 00634134 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\SET6C4.tmp
2017-04-01 22:40 - 2001-08-17 13:28 - 00241206 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\SET6CB.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00614429 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\SET64D.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00419357 ____C (Digi International) C:\WINDOWS\system32\dllcache\SET619.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00229462 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\SET633.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00102484 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\SET63A.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00038985 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\SET65C.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00029768 ____C C:\WINDOWS\system32\dllcache\SET66A.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00006216 ____C C:\WINDOWS\system32\dllcache\SET663.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00216064 ____C (COMPAQ Inc.) C:\WINDOWS\system32\dllcache\SET580.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET5F6.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET5C3.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET5D6.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET5EB.tmp
2017-04-01 22:36 - 2008-04-14 05:41 - 00121856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET4B8.tmp
2017-04-01 22:36 - 2001-08-17 22:36 - 00236032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET4B1.tmp
2017-04-01 22:36 - 2001-08-17 22:36 - 00102400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET372.tmp
2017-04-01 22:36 - 2001-08-17 22:36 - 00032256 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\SET39D.tmp
2017-04-01 22:35 - 2008-04-14 05:42 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET368.tmp
2017-04-01 22:35 - 2008-04-14 05:42 - 00009728 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\SET2E6.tmp
2017-04-01 22:35 - 2008-04-14 05:41 - 00229376 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\SET268.tmp
2017-04-01 22:35 - 2008-04-14 05:41 - 00032768 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\SET2F1.tmp
2017-04-01 22:35 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\SET32B.tmp
2017-04-01 22:35 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET293.tmp
2017-04-01 22:33 - 2003-03-24 16:52 - 00020536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET122.tmp
2017-04-01 22:33 - 2003-03-24 16:52 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET136.tmp
2017-04-01 22:32 - 2004-05-13 00:39 - 00184435 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETB5.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEA.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00188480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETAC.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00041020 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETC8.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET91.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00014608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD7.tmp
2017-04-01 22:13 - 2017-04-02 22:03 - 00011786 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-01 21:53 - 2017-04-01 21:53 - 00303298 _____ C:\Documents and Settings\Administrator\Desktop\MalwareBytes 3.0 Web Protection not working - Malwarebytes 3.0 - Malwarebytes Forums.htm
2017-04-01 21:53 - 2017-04-01 21:53 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\MalwareBytes 3.0 Web Protection not working - Malwarebytes 3.0 - Malwarebytes Forums_files
2017-04-01 21:01 - 2017-04-01 21:01 - 00000788 _____ C:\Documents and Settings\Michelle\Start Menu\Programs\Windows Media Player.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-30 23:47 - 2017-03-30 23:47 - 03967946 _____ C:\Documents and Settings\Michelle\Desktop\bookmarks_03_30.html
2017-03-30 18:40 - 2017-03-30 18:40 - 00330256 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-29 17:48 - 2017-03-29 17:48 - 00000000 ____D C:\Documents and Settings\Michelle\Application Data\AVAST Software
2017-03-29 17:42 - 2017-03-29 17:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVAST Software
2017-03-29 17:41 - 2017-03-29 17:41 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2017-03-29 17:41 - 2017-03-29 17:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2017-03-29 17:40 - 2017-03-30 18:40 - 00764064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00472760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00279800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00184208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00106904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00060760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-29 17:38 - 2017-03-29 17:38 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-29 16:32 - 2017-03-29 16:32 - 00000039 _____ C:\Documents and Settings\Administrator\Stats.ini
2017-03-29 16:03 - 2017-03-29 16:03 - 00005120 ___SH C:\WINDOWS\system32\Thumbs.db
2017-03-29 15:08 - 2017-03-29 15:13 - 00000000 ___DC C:\ec53926f308986d76f54f65028
2017-03-29 13:48 - 2017-04-02 22:27 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\temp
2017-03-29 13:48 - 2017-04-02 16:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-03-29 13:48 - 2017-03-29 13:48 - 00015210 ____C C:\ComboFix.txt
2017-03-29 13:48 - 2017-03-29 13:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-03-29 13:39 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-03-29 13:39 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-03-29 13:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-03-29 13:37 - 2017-03-29 13:48 - 00000000 ___DC C:\Qoobox
2017-03-29 13:37 - 2017-03-29 13:47 - 00000000 ____D C:\WINDOWS\erdnt
2017-03-29 12:18 - 2017-03-29 12:18 - 00000000 ____D C:\Documents and Settings\Michelle\Desktop\passport
2017-03-28 11:22 - 2017-04-02 22:06 - 00000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-03-28 11:22 - 2017-03-29 17:40 - 00267528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00255184 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00148208 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00041176 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-03-26 02:01 - 2017-04-02 22:07 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-26 02:01 - 2017-04-02 22:07 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-26 02:01 - 2017-04-01 19:21 - 00059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-03-26 02:01 - 2017-03-29 13:54 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-26 02:01 - 2017-03-26 02:01 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-03-26 02:01 - 2017-03-26 02:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-26 02:01 - 2017-03-26 02:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-03-23 12:57 - 2017-03-23 12:59 - 00012419 _____ C:\Documents and Settings\Michelle\Desktop\VOLUNTEER comparison.xlsx
2017-03-23 12:11 - 2017-03-23 12:11 - 08670089 _____ C:\Documents and Settings\Michelle\Desktop\maximonivel_volunteer.pdf
2017-03-07 03:14 - 2017-04-02 11:50 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\credit check
2017-03-03 12:57 - 2017-03-03 12:57 - 00000900 _____ C:\Documents and Settings\Michelle\Desktop\Shortcut to month MARCH.docx.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-02 22:26 - 2016-01-24 16:52 - 00000000 ____D C:\Program Files\antivius programs
2017-04-02 22:07 - 2013-09-11 05:53 - 00017920 ____C C:\WINDOWS\system32\rpcnetp.exe
2017-04-02 22:07 - 2008-04-13 19:00 - 00002206 ____C C:\WINDOWS\system32\wpa.dbl
2017-04-02 22:06 - 2013-09-12 03:18 - 00078032 ____C (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2017-04-02 22:06 - 2013-09-11 10:05 - 00017920 ____C C:\WINDOWS\system32\rpcnetp.dll
2017-04-02 22:06 - 2013-09-11 10:05 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-04-02 22:03 - 2013-09-11 10:08 - 00000178 __SHC C:\Documents and Settings\Michelle\ntuser.ini
2017-04-02 22:03 - 2013-09-11 10:08 - 00000000 ____D C:\Documents and Settings\Michelle
2017-04-02 21:54 - 2016-11-05 13:10 - 00001129 _____ C:\WINDOWS\UPGRADE.TXT
2017-04-02 21:54 - 2016-11-05 13:10 - 00000000 ____D C:\WINDOWS\setup.pss
2017-04-02 21:34 - 2017-01-19 19:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-02 19:43 - 2013-09-13 23:18 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\BOOKS
2017-04-02 17:12 - 2015-12-28 02:27 - 00013824 ___SH C:\WINDOWS\Thumbs.db
2017-04-02 17:02 - 2014-03-30 08:28 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-04-02 16:20 - 2016-12-03 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-04-02 13:48 - 2014-06-25 16:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-04-02 12:03 - 2013-09-11 10:08 - 00000000 ___RD C:\Documents and Settings\Michelle\My Documents
2017-04-02 10:02 - 2013-09-11 05:48 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-04-01 22:10 - 2017-02-22 02:32 - 00000000 ___DC C:\AdwCleaner
2017-04-01 21:26 - 2014-03-30 08:28 - 00000000 ____D C:\Documents and Settings\Administrator
2017-04-01 21:08 - 2013-09-11 09:59 - 00000000 ____D C:\Program Files\Windows NT
2017-04-01 21:08 - 2013-09-11 05:55 - 00604180 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-01 21:08 - 2013-09-11 05:48 - 00000000 ____D C:\WINDOWS\Help
2017-04-01 21:08 - 2013-09-11 05:48 - 00000000 ____D C:\WINDOWS\Cursors
2017-03-31 00:34 - 2014-10-01 11:36 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\computers_mice_software_hardware how to's
2017-03-31 00:15 - 2016-10-21 00:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-30 23:54 - 2013-09-13 23:09 - 00000000 ____D C:\Documents and Settings\Michelle\Application Data\Mozilla
2017-03-30 18:46 - 2013-09-13 23:19 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\JOBS STUFF
2017-03-30 18:41 - 2013-09-11 05:48 - 00000000 ___HD C:\WINDOWS\inf
2017-03-30 17:17 - 2013-09-13 23:22 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\model releases & contracts
2017-03-29 19:38 - 2013-09-11 10:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-03-29 17:22 - 2016-12-31 15:43 - 00000000 ___DC C:\Program Files\CC Cleaner backups
2017-03-29 17:19 - 2014-06-13 21:19 - 00000239 ___SH C:\boot.ini
2017-03-29 17:19 - 2013-09-13 23:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-03-29 14:19 - 2013-09-11 16:27 - 00000000 ____D C:\WINDOWS\ie8updates
2017-03-29 13:47 - 2008-04-13 19:00 - 00000227 ____C C:\WINDOWS\system.ini
2017-03-29 12:17 - 2013-09-11 10:08 - 00000000 ___RD C:\Documents and Settings\Michelle\My Documents\My Pictures
2017-03-29 11:51 - 2013-10-27 10:54 - 00222720 ____C C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-28 00:49 - 2013-09-13 23:18 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\CALENDARS...card pics
2017-03-21 16:10 - 2015-11-10 11:30 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\account invoices_receipts
2017-03-21 11:34 - 2016-03-10 22:32 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-03-21 11:34 - 2016-03-10 22:32 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-03-21 11:34 - 2013-09-13 23:53 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\Application Data\Adobe
2017-03-21 11:34 - 2013-09-11 10:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-20 21:35 - 2014-07-28 15:32 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\recipes
2017-03-15 21:10 - 2016-11-05 13:46 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-03-15 01:19 - 2014-03-21 19:55 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\Application Data\Temp
2017-03-13 18:59 - 2016-08-18 10:09 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\APTS
2017-03-03 23:55 - 2016-06-08 20:37 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\SKETCHING

==================== Files in the root of some directories =======

2013-09-25 19:19 - 2013-09-25 19:19 - 0936168 ____C (Microsoft Corporation) C:\Program Files\SaveAsPDF.exe
2013-09-25 19:11 - 2013-09-25 19:11 - 0956344 ____C (Microsoft Corporation) C:\Program Files\SaveAsPDFandXPS.exe
2014-04-24 23:25 - 2014-04-24 23:25 - 0000460 ___HC () C:\Documents and Settings\Michelle\Application Data\iColorDisplay3.lic
2014-04-24 23:25 - 2014-04-24 23:25 - 0000606 ____C () C:\Documents and Settings\Michelle\Application Data\iColorDisplay3.prefs
2013-10-27 10:54 - 2017-03-29 11:51 - 0222720 ____C () C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-02 22:00 - 2017-04-02 22:00 - 0087871 _____ () C:\Documents and Settings\Michelle\Local Settings\Application Data\FASTWiz.log
2014-04-24 23:17 - 2014-04-24 23:17 - 0000131 ____C () C:\Documents and Settings\Michelle\Local Settings\Application Data\fusioncache.dat
2013-11-14 14:30 - 2013-11-14 14:30 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jazz
2013-11-14 14:31 - 2013-11-14 14:31 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jazz Kit
2013-11-14 14:30 - 2013-11-14 14:30 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jingles
2013-11-14 14:30 - 2013-11-14 14:30 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
2013-11-14 14:31 - 2013-11-14 14:42 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
2013-11-14 14:30 - 2014-02-11 20:58 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
2013-11-14 14:30 - 2014-02-11 20:59 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Meesh (02-04-2017 22:27:49)
Running from C:\Documents and Settings\Michelle\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-09-11 14:04:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-602162358-706699826-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-602162358-706699826-1801674531-1010 - Limited - Enabled)
Guest (S-1-5-21-602162358-706699826-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-602162358-706699826-1801674531-1000 - Limited - Disabled)
Meesh (S-1-5-21-602162358-706699826-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Michelle
SUPPORT_388945a0 (S-1-5-21-602162358-706699826-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
Canon MG4100 series On-screen Manual (HKLM\...\Canon MG4100 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
f.lux (HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Flux) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6147.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version:  - )
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}) (Version: 2.0.03 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.03 - O2Micro International LTD.) Hidden
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.15 - Nikon)
Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
SDK (Version: 1.41.070 - Portrait Displays, Inc.) Hidden
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.2 - Nikon)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3400 - Dell)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Michelle\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2013-09-11 14:53 - 2008-10-24 13:00 - 00024064 ____C () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-09-11 14:53 - 2008-10-24 13:00 - 00753664 ____C () C:\WINDOWS\System32\bcm1xsup.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-02 10:04 - 2017-04-02 10:04 - 05908480 _____ () C:\Program Files\AVAST Software\Avast\defs\17040200\algo.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-09-11 14:53 - 2008-10-24 13:00 - 00143360 ____C () C:\WINDOWS\system32\preflib.dll
2017-03-29 17:40 - 2017-03-29 17:40 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-26 02:01 - 2017-04-01 19:21 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2008-04-13 19:00 - 2013-01-02 02:49 - 01292288 ____C () C:\WINDOWS\system32\quartz.dll
2017-03-21 11:34 - 2017-03-21 11:34 - 20078680 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7863 more sites.

IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\1-2005-search.com -> www.1-2005-search.com

There are 12678 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 19:00 - 2017-03-29 13:47 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-602162358-706699826-1801674531-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.197.128.2 - 209.197.128.5
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuatoCalibrationLoader.lnk => C:\WINDOWS\pss\QuatoCalibrationLoader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DT VSC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -VSC
MSCONFIG\startupreg: DWQueuedReporting => "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Disabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Disabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management

==================== Restore Points =========================

29-03-2017 13:01:05 System Checkpoint
29-03-2017 13:01:19 good
29-03-2017 13:06:49 Installed Windows XP Wdf01009.
29-03-2017 14:19:32 Software Distribution Service 3.0
29-03-2017 15:04:40 Software Distribution Service 3.0
29-03-2017 15:14:38 Software Distribution Service 3.0
29-03-2017 17:21:16 good after anti& registry
30-03-2017 17:35:07 System Checkpoint
30-03-2017 18:41:26 Installed Windows XP Wdf01009.
31-03-2017 19:19:09 System Checkpoint
01-04-2017 20:43:13 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1397 WLAN Mini-Card
Description: Dell Wireless 1397 WLAN Mini-Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth LAN Access Server Driver
Description: Bluetooth LAN Access Server Driver
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BTWDNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2017 01:55:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.2.6291, faulting module mozglue.dll, version 52.0.2.6291, fault address 0x0000f76f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/29/2017 03:08:28 PM) (Source: VSSetup) (EventID: 5000) (User: )
Description: EventType vssetup, P1 kb2898855v2, P2 10.0.30319, P3 10.0.30319.1022, P4 1, P5 ndp40-kb2898855.msp, P6 install_i_silent_error, P7 1603, P8 0, P9 processassembly, P10 NIL.

Error: (03/29/2017 03:08:27 PM) (Source: MsiInstaller) (EventID: 1023) (User: MEESH)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2898855v2' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Michelle\LOCALS~1\Temp\KB2898855v2_20170329_150448093-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (03/29/2017 03:07:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: MEESH)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.

Error: (03/29/2017 02:39:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Error: (03/29/2017 02:28:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/26/2017 01:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [firefox.exe!ws!]

Error: (03/26/2017 01:45:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/26/2017 01:41:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/21/2017 08:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [firefox.exe!ws!]


System errors:
=============
Error: (04/02/2017 05:15:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/02/2017 05:03:54 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/02/2017 05:02:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/02/2017 01:48:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswSnx
aswSP
aswVmm
ESProtectionDriver
Fips
intelppm

Error: (04/02/2017 01:47:37 PM) (Source: DCOM) (EventID: 10005) (User: MEESH)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/02/2017 01:47:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/02/2017 01:42:28 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/02/2017 12:20:44 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/01/2017 10:12:56 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/01/2017 10:11:34 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 59%
Total physical RAM: 3032.88 MB
Available physical RAM: 1226.92 MB
Total Virtual: 10871.62 MB
Available Virtual: 9249.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:90.09 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (RESOURCE_CD) (CDROM) (Total:1.53 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#2 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,207 posts
  • Gender:Male
  • Location:India
  • Local time:08:40 PM

Posted 05 April 2017 - 02:48 PM

Hi meeshemee,

 

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Tenis. I will assist you with your problem.

  • I am currently in training and logs that you will post will take time for me to analyze, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.

  • Please do not seek assistance elsewhere without letting me know.

  • Please do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.

  • If you wish to do other interventions, please let me know. I will assist you if possible.

  • Make sure to read my instructions fully before attempting a step.

  • Please understand that I am a volunteer, so I may get busy in real life, and that can further delay my responses.

  • Back up your data! Malware removal can be tricky and can result in unpredictable behaviour, including losing all your data!

---

Please post a fresh FRST log.

 

Edit: Post addition.txt as well.

 

Regards,

Tenis


Edited by Tenis, 05 April 2017 - 03:28 PM.


#3 meeshemee

meeshemee
  • Topic Starter

  • Members
  • 35 posts
  • Gender:Male
  • Local time:10:10 AM

Posted 05 April 2017 - 04:41 PM

thanks.

 

computer seems slightly better so i'm not sure (media player went missing AFTER a scan with eset (after popup fiasco) so i might've accidentally deleted a false positive which somehow deleted media player and i restored via installation disc). had help on this forum a few months ago for similar problems and was told no virus but my scans are STILL showing malware/virus/unwanted files in system volume information/restore points/autochk so any help would be appreciated - or direct me to another forum if i don't have virus/malware.

 

log below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Meesh (administrator) on MEESH (05-04-2017 17:31:18)
Running from C:\Documents and Settings\Michelle\Desktop
Loaded Profiles: Meesh (Available Profiles: Meesh & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IDT, Inc.) C:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe
(Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Flux Software LLC) C:\Documents and Settings\Michelle\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2220032 2008-10-24] (Dell Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [729088 2009-02-20] (Andrea Electronics Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-03-30] (AVAST Software)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2009-02-20] (IDT, Inc.)
HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-30] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Flux.lnk [2014-04-25]
ShortcutTarget: Flux.lnk -> C:\Documents and Settings\Michelle\Local Settings\Application Data\FluxSoftware\Flux\flux.exe (Flux Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.197.128.2 209.197.128.5
Tcpip\..\Interfaces\{DBBE1544-E486-4338-93FA-79A615A21BC7}: [DhcpNameServer] 209.197.128.2 209.197.128.5

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-602162358-706699826-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-602162358-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-602162358-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\S-1-5-21-602162358-706699826-1801674531-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468 [2017-04-05]
FF Extension: (Disconnect) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Adguard AdBlocker) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\adguardadblocker@adguard.com.xpi [2017-03-31]
FF Extension: (Popup Blocker Ultimate) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-04-03]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-03-31]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-31]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Program Files\Mozilla Firefox\browser\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)

Chrome:
=======
CHR Profile: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-14]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-03-10]
CHR Extension: (YouTube) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-14]
CHR Extension: (Disconnect) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2017-04-01]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Asset Management Daemon; C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [114688 2008-02-13] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-03-29] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-03-30] (AVAST Software)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [139632 2012-09-26] (Portrait Displays, Inc.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S4 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72224 2009-01-08] (O2Micro International)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [123248 2012-09-18] (Portrait Displays, Inc.)
R2 rpcnet; C:\WINDOWS\system32\rpcnet.exe [78032 2017-01-24] (Absolute Software Corp.)
R2 STacSV; c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe [249938 2009-02-20] (IDT, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1961984 2008-10-24] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [112512 2009-02-20] (Andrea Electronics Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255184 2017-03-29] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [148208 2017-03-29] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [267528 2017-03-29] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [41176 2017-03-29] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-03-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [106904 2017-03-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60760 2017-03-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-03-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [764064 2017-03-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [472760 2017-03-30] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184208 2017-03-30] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-07-04] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [279800 2017-03-30] (AVAST Software)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2008-10-24] (Broadcom Corporation)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-04-01] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-03-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-04-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220088 2017-04-05] (Malwarebytes)
R3 O2MDGRDR; C:\WINDOWS\System32\DRIVERS\o2mdg.sys [51616 2009-01-08] (O2Micro )
R3 O2SDGRDR; C:\WINDOWS\System32\DRIVERS\o2sdg.sys [41760 2009-01-08] (O2Micro )
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17136 2010-05-14] (Portrait Displays, Inc.)
S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.) [File not signed]
S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1548339 2009-02-20] (IDT, Inc.)
S3 catchme; \??\C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-03 19:04 - 2017-04-03 19:04 - 03996342 _____ C:\Documents and Settings\Michelle\Desktop\bookmarks_04_03.html
2017-04-03 02:38 - 2017-04-03 02:38 - 00000900 _____ C:\Documents and Settings\Michelle\Desktop\Shortcut to month APRIL.docx.lnk
2017-04-03 00:58 - 2008-04-14 05:42 - 00539136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dialer.exe
2017-04-03 00:58 - 2008-04-14 05:42 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\accwiz.exe
2017-04-03 00:58 - 2008-04-14 05:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\accwiz.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00347136 _____ (Hilgraeve, Inc.) C:\WINDOWS\system32\hypertrm.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspaint.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avtapi.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\avtapi.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00214528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wordpad.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00131584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sndrec32.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sndrec32.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mplay32.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mplay32.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\calc.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avwav.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\avwav.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00068608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\access.cpl
2017-04-03 00:58 - 2008-04-13 19:00 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\access.cpl
2017-04-03 00:58 - 2008-04-13 19:00 - 00044544 _____ (Hilgraeve, Inc.) C:\WINDOWS\system32\hticons.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avmeter.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\avmeter.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00013312 ____C (Hilgraeve, Inc.) C:\WINDOWS\system32\dllcache\htrn_jis.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\write.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\write.exe
2017-04-03 00:58 - 2001-08-17 22:37 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winchat.exe
2017-04-03 00:58 - 2001-08-17 22:37 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winchat.exe
2017-04-02 23:40 - 2001-08-17 22:36 - 00138752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sndvol32.exe
2017-04-02 23:40 - 2001-08-17 22:36 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe
2017-04-02 22:26 - 2017-04-05 17:32 - 00012634 _____ C:\Documents and Settings\Michelle\Desktop\FRST.txt
2017-04-02 22:25 - 2017-04-05 17:31 - 00000000 ___DC C:\FRST
2017-04-02 22:25 - 2017-04-02 22:25 - 01766912 _____ (Farbar) C:\Documents and Settings\Michelle\Desktop\FRST.exe
2017-04-02 21:34 - 2017-04-02 21:34 - 00000000 ____D C:\WINDOWS\system32\vmm32
2017-04-01 23:10 - 2003-03-24 16:52 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET11E0.tmp
2017-04-01 23:10 - 2003-03-24 16:52 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET11D7.tmp
2017-04-01 23:08 - 2001-08-17 22:36 - 00023040 ____C (Xerox Corporation) C:\WINDOWS\system32\dllcache\SET11BE.tmp
2017-04-01 23:07 - 2001-08-17 22:37 - 00099865 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\SET11B0.tmp
2017-04-01 23:07 - 2001-08-17 22:37 - 00027648 ____C () C:\WINDOWS\system32\dllcache\SET11B6.tmp
2017-04-01 23:07 - 2001-08-17 22:37 - 00004608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET11B3.tmp
2017-04-01 23:06 - 2001-08-17 22:36 - 00087040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET1164.tmp
2017-04-01 23:04 - 2008-04-14 05:42 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET10CC.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET1085.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00050688 ____C (UMAX DATA SYSTEMS INC.) C:\WINDOWS\system32\dllcache\SET1077.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00050176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET1070.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET106D.tmp
2017-04-01 23:03 - 2001-08-17 22:36 - 00026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET107E.tmp
2017-04-01 23:02 - 2001-08-17 22:36 - 00031744 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\SET102B.tmp
2017-04-01 23:02 - 2001-08-17 22:35 - 00042496 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\SET1032.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00094293 ____C (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\SETFC5.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETFB4.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00053248 ____C (Stallion Technologies) C:\WINDOWS\system32\dllcache\SETFA2.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETFBA.tmp
2017-04-01 23:01 - 2001-08-17 22:36 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETFB7.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00114688 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\SETF69.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00106584 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\SETF77.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00099328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETF88.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00024660 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\SETF81.tmp
2017-04-01 23:00 - 2001-08-17 22:36 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETF50.tmp
2017-04-01 23:00 - 2001-08-17 12:51 - 00037040 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\SETF6C.tmp
2017-04-01 23:00 - 2001-08-17 12:51 - 00020752 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\SETF65.tmp
2017-04-01 22:59 - 2008-04-14 05:42 - 00286792 ____C (Smart Link) C:\WINDOWS\system32\dllcache\SETEA3.tmp
2017-04-01 22:59 - 2008-04-14 05:42 - 00032866 ____C (Smart Link) C:\WINDOWS\system32\dllcache\SETEBA.tmp
2017-04-01 22:59 - 2001-08-17 22:36 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEF3.tmp
2017-04-01 22:59 - 2001-08-17 22:36 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEE9.tmp
2017-04-01 22:59 - 2001-08-17 22:36 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEDD.tmp
2017-04-01 22:59 - 2001-08-17 22:36 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETF2C.tmp
2017-04-01 22:58 - 2008-04-13 22:05 - 00032768 ____C (SiS Corporation) C:\WINDOWS\system32\dllcache\SETE88.tmp
2017-04-01 22:58 - 2001-08-17 22:36 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETE3D.tmp
2017-04-01 22:57 - 2001-08-17 22:36 - 00082432 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\SETDD4.tmp
2017-04-01 22:56 - 2008-04-14 05:42 - 00027648 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\SETDC4.tmp
2017-04-01 22:56 - 2001-08-17 22:36 - 00079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\SETDD1.tmp
2017-04-01 22:56 - 2001-08-17 22:36 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD84.tmp
2017-04-01 22:56 - 2001-08-17 22:36 - 00009216 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\SETDA6.tmp
2017-04-01 22:55 - 2001-08-17 22:36 - 00041472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD6A.tmp
2017-04-01 22:54 - 2008-04-14 05:42 - 00363520 ____C C:\WINDOWS\system32\dllcache\SETD24.tmp
2017-04-01 22:54 - 2001-08-17 22:37 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETCD3.tmp
2017-04-01 22:54 - 2001-08-17 22:36 - 00121344 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETCEC.tmp
2017-04-01 22:54 - 2001-08-17 22:36 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD27.tmp
2017-04-01 22:54 - 2001-08-17 22:36 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETCD6.tmp
2017-04-01 22:53 - 2001-08-17 22:36 - 00116736 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETC64.tmp
2017-04-01 22:53 - 2001-08-17 22:36 - 00086016 ____C (PCtel, Inc.) C:\WINDOWS\system32\dllcache\SETCAF.tmp
2017-04-01 22:52 - 2001-08-17 22:36 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETC26.tmp
2017-04-01 22:50 - 2001-08-17 22:36 - 00019968 ____C (Moxa Technologies Co., Ltd) C:\WINDOWS\system32\dllcache\SETBB0.tmp
2017-04-01 22:49 - 2001-08-17 22:36 - 00047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETB23.tmp
2017-04-01 22:48 - 2001-08-17 22:36 - 00065536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETB0D.tmp
2017-04-01 22:48 - 2001-08-17 22:36 - 00058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETB03.tmp
2017-04-01 22:47 - 2008-04-14 05:42 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETAA6.tmp
2017-04-01 22:47 - 2008-04-14 05:41 - 00048640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETA8E.tmp
2017-04-01 22:46 - 2008-04-14 05:41 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET9EB.tmp
2017-04-01 22:46 - 2001-08-17 22:36 - 00090200 ____C (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\SET9CC.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00372824 ____C (Xircom) C:\WINDOWS\system32\dllcache\SET93F.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET92A.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET92D.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET934.tmp
2017-04-01 22:45 - 2001-08-17 22:36 - 00026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET927.tmp
2017-04-01 22:44 - 2008-04-14 05:41 - 00032285 ____C (Conexant Systems, Inc.) C:\WINDOWS\system32\dllcache\SET8D6.tmp
2017-04-01 22:44 - 2001-08-17 22:34 - 00009216 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\SET914.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET886.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00165888 ____C () C:\WINDOWS\system32\dllcache\SET877.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00126976 ____C (Hewlett Packard) C:\WINDOWS\system32\dllcache\SET86E.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET861.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00101376 ____C () C:\WINDOWS\system32\dllcache\SET86B.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00093696 ____C () C:\WINDOWS\system32\dllcache\SET871.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00089088 ____C () C:\WINDOWS\system32\dllcache\SET864.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00083968 ____C () C:\WINDOWS\system32\dllcache\SET85E.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00068608 ____C (Avisioin) C:\WINDOWS\system32\dllcache\SET87A.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00031232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET874.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET890.tmp
2017-04-01 22:43 - 2001-08-17 22:36 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET889.tmp
2017-04-01 22:42 - 2003-03-24 16:52 - 00094208 ____C C:\WINDOWS\system32\dllcache\SET7A4.tmp
2017-04-01 22:42 - 2001-08-17 22:36 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET7C2.tmp
2017-04-01 22:41 - 2001-08-17 22:36 - 00071680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET78D.tmp
2017-04-01 22:41 - 2001-08-17 22:36 - 00051200 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\SET70C.tmp
2017-04-01 22:41 - 2001-08-17 22:36 - 00045568 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\SET748.tmp
2017-04-01 22:41 - 2001-08-17 22:36 - 00034816 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\SET73E.tmp
2017-04-01 22:40 - 2001-08-17 13:28 - 00634134 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\SET6C4.tmp
2017-04-01 22:40 - 2001-08-17 13:28 - 00241206 ____C (3Com Corporation) C:\WINDOWS\system32\dllcache\SET6CB.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00614429 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\SET64D.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00419357 ____C (Digi International) C:\WINDOWS\system32\dllcache\SET619.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00229462 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\SET633.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00102484 ____C (Digi International Inc.) C:\WINDOWS\system32\dllcache\SET63A.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00038985 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\SET65C.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00029768 ____C C:\WINDOWS\system32\dllcache\SET66A.tmp
2017-04-01 22:39 - 2001-08-17 22:36 - 00006216 ____C C:\WINDOWS\system32\dllcache\SET663.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00216064 ____C (COMPAQ Inc.) C:\WINDOWS\system32\dllcache\SET580.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET5F6.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET5C3.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET5D6.tmp
2017-04-01 22:38 - 2001-08-17 22:36 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET5EB.tmp
2017-04-01 22:36 - 2008-04-14 05:41 - 00121856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET4B8.tmp
2017-04-01 22:36 - 2001-08-17 22:36 - 00236032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET4B1.tmp
2017-04-01 22:36 - 2001-08-17 22:36 - 00102400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET372.tmp
2017-04-01 22:36 - 2001-08-17 22:36 - 00032256 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\SET39D.tmp
2017-04-01 22:35 - 2008-04-14 05:42 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET368.tmp
2017-04-01 22:35 - 2008-04-14 05:42 - 00009728 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\SET2E6.tmp
2017-04-01 22:35 - 2008-04-14 05:41 - 00229376 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\SET268.tmp
2017-04-01 22:35 - 2008-04-14 05:41 - 00032768 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\SET2F1.tmp
2017-04-01 22:35 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\SET32B.tmp
2017-04-01 22:35 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET293.tmp
2017-04-01 22:33 - 2003-03-24 16:52 - 00020536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET122.tmp
2017-04-01 22:33 - 2003-03-24 16:52 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET136.tmp
2017-04-01 22:32 - 2004-05-13 00:39 - 00184435 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETB5.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEA.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00188480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETAC.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00041020 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETC8.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00020540 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET91.tmp
2017-04-01 22:32 - 2003-03-24 16:52 - 00014608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD7.tmp
2017-04-01 22:13 - 2017-04-05 10:20 - 00032480 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-01 21:53 - 2017-04-01 21:53 - 00303298 _____ C:\Documents and Settings\Administrator\Desktop\MalwareBytes 3.0 Web Protection not working - Malwarebytes 3.0 - Malwarebytes Forums.htm
2017-04-01 21:53 - 2017-04-01 21:53 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\MalwareBytes 3.0 Web Protection not working - Malwarebytes 3.0 - Malwarebytes Forums_files
2017-04-01 21:01 - 2017-04-01 21:01 - 00000788 _____ C:\Documents and Settings\Michelle\Start Menu\Programs\Windows Media Player.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-30 18:40 - 2017-03-30 18:40 - 00330256 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-29 17:48 - 2017-03-29 17:48 - 00000000 ____D C:\Documents and Settings\Michelle\Application Data\AVAST Software
2017-03-29 17:42 - 2017-03-29 17:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVAST Software
2017-03-29 17:41 - 2017-03-29 17:41 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2017-03-29 17:41 - 2017-03-29 17:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2017-03-29 17:40 - 2017-03-30 18:40 - 00764064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00472760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00279800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00184208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00106904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00060760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-29 17:38 - 2017-03-29 17:38 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-29 16:32 - 2017-03-29 16:32 - 00000039 _____ C:\Documents and Settings\Administrator\Stats.ini
2017-03-29 16:03 - 2017-04-02 23:41 - 00005120 ___SH C:\WINDOWS\system32\Thumbs.db
2017-03-29 15:08 - 2017-03-29 15:13 - 00000000 ___DC C:\ec53926f308986d76f54f65028
2017-03-29 13:48 - 2017-04-05 17:32 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\temp
2017-03-29 13:48 - 2017-04-02 16:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-03-29 13:48 - 2017-03-29 13:48 - 00015210 ____C C:\ComboFix.txt
2017-03-29 13:48 - 2017-03-29 13:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-03-29 13:39 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-03-29 13:39 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-03-29 13:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-03-29 13:37 - 2017-03-29 13:48 - 00000000 ___DC C:\Qoobox
2017-03-29 13:37 - 2017-03-29 13:47 - 00000000 ____D C:\WINDOWS\erdnt
2017-03-29 12:18 - 2017-03-29 12:18 - 00000000 ____D C:\Documents and Settings\Michelle\Desktop\passport
2017-03-28 11:22 - 2017-04-05 12:21 - 00000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-03-28 11:22 - 2017-03-29 17:40 - 00267528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00255184 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00148208 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00041176 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-03-26 02:01 - 2017-04-05 12:23 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-26 02:01 - 2017-04-05 12:22 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-26 02:01 - 2017-04-01 19:21 - 00059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-03-26 02:01 - 2017-03-29 13:54 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-26 02:01 - 2017-03-26 02:01 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-03-26 02:01 - 2017-03-26 02:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-26 02:01 - 2017-03-26 02:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-03-23 12:57 - 2017-03-23 12:59 - 00012419 _____ C:\Documents and Settings\Michelle\Desktop\VOLUNTEER comparison.xlsx
2017-03-23 12:11 - 2017-03-23 12:11 - 08670089 _____ C:\Documents and Settings\Michelle\Desktop\maximonivel_volunteer.pdf
2017-03-07 03:14 - 2017-04-02 11:50 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\credit check

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 16:34 - 2017-01-19 19:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-05 12:22 - 2013-09-11 10:05 - 00017920 ____C C:\WINDOWS\system32\rpcnetp.dll
2017-04-05 12:22 - 2013-09-11 05:53 - 00017920 ____C C:\WINDOWS\system32\rpcnetp.exe
2017-04-05 12:22 - 2008-04-13 19:00 - 00002206 ____C C:\WINDOWS\system32\wpa.dbl
2017-04-05 12:21 - 2013-09-12 03:18 - 00078032 ____C (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2017-04-05 12:21 - 2013-09-11 10:05 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-04-05 10:20 - 2013-09-11 10:08 - 00000178 __SHC C:\Documents and Settings\Michelle\ntuser.ini
2017-04-05 10:20 - 2013-09-11 10:08 - 00000000 ____D C:\Documents and Settings\Michelle
2017-04-04 18:53 - 2013-09-11 15:06 - 00000000 ___RD C:\Documents and Settings\Michelle\My Documents\My Videos
2017-04-04 18:52 - 2016-12-03 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-04-04 18:30 - 2015-12-28 02:27 - 00013824 ___SH C:\WINDOWS\Thumbs.db
2017-04-04 14:23 - 2014-07-27 22:16 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\KNITTING
2017-04-04 03:34 - 2017-02-22 02:32 - 00000000 ___DC C:\AdwCleaner
2017-04-03 20:13 - 2013-09-13 23:18 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\BOOKS
2017-04-03 19:05 - 2016-01-24 16:52 - 00000000 ____D C:\Program Files\antivius programs
2017-04-03 01:06 - 2013-09-11 05:48 - 00000000 ____D C:\WINDOWS\security
2017-04-03 00:58 - 2013-09-11 09:59 - 00000000 ____D C:\Program Files\Windows NT
2017-04-03 00:58 - 2013-09-11 05:55 - 00604180 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-03 00:58 - 2013-09-11 05:48 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-04-03 00:58 - 2013-09-11 05:48 - 00000000 ____D C:\WINDOWS\Help
2017-04-03 00:58 - 2013-09-11 05:48 - 00000000 ____D C:\WINDOWS\Cursors
2017-04-02 23:50 - 2014-10-01 11:36 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\computers_mice_software_hardware how to's
2017-04-02 23:24 - 2013-09-11 10:16 - 00000000 ____D C:\Program Files\IDT
2017-04-02 23:24 - 2013-09-11 10:11 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2017-04-02 21:54 - 2016-11-05 13:10 - 00001129 _____ C:\WINDOWS\UPGRADE.TXT
2017-04-02 21:54 - 2016-11-05 13:10 - 00000000 ____D C:\WINDOWS\setup.pss
2017-04-02 17:02 - 2014-03-30 08:28 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-04-02 13:48 - 2014-06-25 16:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-04-02 12:03 - 2013-09-11 10:08 - 00000000 ___RD C:\Documents and Settings\Michelle\My Documents
2017-04-01 21:26 - 2014-03-30 08:28 - 00000000 ____D C:\Documents and Settings\Administrator
2017-03-31 00:15 - 2016-10-21 00:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-30 23:54 - 2013-09-13 23:09 - 00000000 ____D C:\Documents and Settings\Michelle\Application Data\Mozilla
2017-03-30 18:46 - 2013-09-13 23:19 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\JOBS STUFF
2017-03-30 18:41 - 2013-09-11 05:48 - 00000000 ___HD C:\WINDOWS\inf
2017-03-30 17:17 - 2013-09-13 23:22 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\model releases & contracts
2017-03-29 19:38 - 2013-09-11 10:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-03-29 17:22 - 2016-12-31 15:43 - 00000000 ___DC C:\Program Files\CC Cleaner backups
2017-03-29 17:19 - 2014-06-13 21:19 - 00000239 ___SH C:\boot.ini
2017-03-29 17:19 - 2013-09-13 23:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-03-29 14:19 - 2013-09-11 16:27 - 00000000 ____D C:\WINDOWS\ie8updates
2017-03-29 13:47 - 2008-04-13 19:00 - 00000227 ____C C:\WINDOWS\system.ini
2017-03-29 12:17 - 2013-09-11 10:08 - 00000000 ___RD C:\Documents and Settings\Michelle\My Documents\My Pictures
2017-03-29 11:51 - 2013-10-27 10:54 - 00222720 ____C C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-28 00:49 - 2013-09-13 23:18 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\CALENDARS...card pics
2017-03-21 16:10 - 2015-11-10 11:30 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\account invoices_receipts
2017-03-21 11:34 - 2016-03-10 22:32 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-03-21 11:34 - 2016-03-10 22:32 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-03-21 11:34 - 2013-09-13 23:53 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\Application Data\Adobe
2017-03-21 11:34 - 2013-09-11 10:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-20 21:35 - 2014-07-28 15:32 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\recipes
2017-03-15 21:10 - 2016-11-05 13:46 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-03-15 01:19 - 2014-03-21 19:55 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\Application Data\Temp
2017-03-13 18:59 - 2016-08-18 10:09 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\APTS

==================== Files in the root of some directories =======

2013-09-25 19:19 - 2013-09-25 19:19 - 0936168 ____C (Microsoft Corporation) C:\Program Files\SaveAsPDF.exe
2013-09-25 19:11 - 2013-09-25 19:11 - 0956344 ____C (Microsoft Corporation) C:\Program Files\SaveAsPDFandXPS.exe
2014-04-24 23:25 - 2014-04-24 23:25 - 0000460 ___HC () C:\Documents and Settings\Michelle\Application Data\iColorDisplay3.lic
2014-04-24 23:25 - 2014-04-24 23:25 - 0000606 ____C () C:\Documents and Settings\Michelle\Application Data\iColorDisplay3.prefs
2013-10-27 10:54 - 2017-03-29 11:51 - 0222720 ____C () C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-02 22:00 - 2017-04-02 22:00 - 0087871 _____ () C:\Documents and Settings\Michelle\Local Settings\Application Data\FASTWiz.log
2014-04-24 23:17 - 2014-04-24 23:17 - 0000131 ____C () C:\Documents and Settings\Michelle\Local Settings\Application Data\fusioncache.dat
2013-11-14 14:30 - 2013-11-14 14:30 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jazz
2013-11-14 14:31 - 2013-11-14 14:31 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jazz Kit
2013-11-14 14:30 - 2013-11-14 14:30 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jingles
2013-11-14 14:30 - 2013-11-14 14:30 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
2013-11-14 14:31 - 2013-11-14 14:42 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
2013-11-14 14:30 - 2014-02-11 20:58 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
2013-11-14 14:30 - 2014-02-11 20:59 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Meesh (05-04-2017 17:33:00)
Running from C:\Documents and Settings\Michelle\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-09-11 14:04:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-602162358-706699826-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-602162358-706699826-1801674531-1010 - Limited - Enabled)
Guest (S-1-5-21-602162358-706699826-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-602162358-706699826-1801674531-1000 - Limited - Disabled)
Meesh (S-1-5-21-602162358-706699826-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Michelle
SUPPORT_388945a0 (S-1-5-21-602162358-706699826-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
Canon MG4100 series On-screen Manual (HKLM\...\Canon MG4100 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
f.lux (HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Flux) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6147.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version:  - )
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}) (Version: 2.0.03 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.03 - O2Micro International LTD.) Hidden
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.15 - Nikon)
Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
SDK (Version: 1.41.070 - Portrait Displays, Inc.) Hidden
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.2 - Nikon)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3400 - Dell)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Michelle\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2013-09-11 14:53 - 2008-10-24 13:00 - 00024064 ____C () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-09-11 14:53 - 2008-10-24 13:00 - 00753664 ____C () C:\WINDOWS\System32\bcm1xsup.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-05 12:23 - 2017-04-05 12:23 - 06021808 _____ () C:\Program Files\AVAST Software\Avast\defs\17040502\algo.dll
2017-03-26 02:01 - 2017-04-01 19:21 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2013-09-11 14:53 - 2008-10-24 13:00 - 00143360 ____C () C:\WINDOWS\system32\preflib.dll
2017-03-29 17:40 - 2017-03-29 17:40 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-04-13 19:00 - 2013-01-02 02:49 - 01292288 ____C () C:\WINDOWS\system32\quartz.dll
2017-03-21 11:34 - 2017-03-21 11:34 - 20078680 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7863 more sites.


There are 12678 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 19:00 - 2017-03-29 13:47 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-602162358-706699826-1801674531-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.197.128.2 - 209.197.128.5
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuatoCalibrationLoader.lnk => C:\WINDOWS\pss\QuatoCalibrationLoader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DT VSC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -VSC
MSCONFIG\startupreg: DWQueuedReporting => "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Disabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Disabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management

==================== Restore Points =========================

29-03-2017 13:01:05 System Checkpoint
29-03-2017 13:01:19 good
29-03-2017 13:06:49 Installed Windows XP Wdf01009.
29-03-2017 14:19:32 Software Distribution Service 3.0
29-03-2017 15:04:40 Software Distribution Service 3.0
29-03-2017 15:14:38 Software Distribution Service 3.0
29-03-2017 17:21:16 good after anti& registry
30-03-2017 17:35:07 System Checkpoint
30-03-2017 18:41:26 Installed Windows XP Wdf01009.
31-03-2017 19:19:09 System Checkpoint
01-04-2017 20:43:13 System Checkpoint
02-04-2017 23:25:09 Configured IDT Audio
04-04-2017 12:26:08 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1397 WLAN Mini-Card
Description: Dell Wireless 1397 WLAN Mini-Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth LAN Access Server Driver
Description: Bluetooth LAN Access Server Driver
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BTWDNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2017 03:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.2.6291, faulting module mozglue.dll, version 52.0.2.6291, fault address 0x0000f76f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/01/2017 01:55:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.2.6291, faulting module mozglue.dll, version 52.0.2.6291, fault address 0x0000f76f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/29/2017 03:08:28 PM) (Source: VSSetup) (EventID: 5000) (User: )
Description: EventType vssetup, P1 kb2898855v2, P2 10.0.30319, P3 10.0.30319.1022, P4 1, P5 ndp40-kb2898855.msp, P6 install_i_silent_error, P7 1603, P8 0, P9 processassembly, P10 NIL.

Error: (03/29/2017 03:08:27 PM) (Source: MsiInstaller) (EventID: 1023) (User: MEESH)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2898855v2' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Michelle\LOCALS~1\Temp\KB2898855v2_20170329_150448093-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (03/29/2017 03:07:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: MEESH)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.

Error: (03/29/2017 02:39:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Error: (03/29/2017 02:28:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/26/2017 01:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [firefox.exe!ws!]

Error: (03/26/2017 01:45:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/26/2017 01:41:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (04/04/2017 08:47:24 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/04/2017 11:27:02 AM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/03/2017 03:55:32 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/02/2017 11:27:03 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/02/2017 05:15:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/02/2017 05:03:54 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/02/2017 05:02:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/02/2017 01:48:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswSnx
aswSP
aswVmm
ESProtectionDriver
Fips
intelppm

Error: (04/02/2017 01:47:37 PM) (Source: DCOM) (EventID: 10005) (User: MEESH)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/02/2017 01:47:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 50%
Total physical RAM: 3032.88 MB
Available physical RAM: 1509.21 MB
Total Virtual: 10871.61 MB
Available Virtual: 9279.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:81.36 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 Tenis

Tenis - Bleepin' FX

  • Malware Study Hall Senior
  • 1,207 posts
  • Gender:Male
  • Location:India

Posted 07 April 2017 - 11:21 PM

Hi,

 

I'm still working on this log with my instructor. Please hold on a bit.


Edited by Tenis, 07 April 2017 - 11:22 PM.


#5 Tenis

Tenis - Bleepin' FX

  • Malware Study Hall Senior
  • 1,207 posts
  • Gender:Male
  • Location:India

Posted 08 April 2017 - 09:48 AM

Hi there,

 

Quote

had help on this forum a few months ago for similar problems and was told no virus but my scans are STILL showing malware/virus/unwanted files in system volume information/restore points/autochk so any help would be appreciated 

Okay, don't worry, we will figure out why the scans are showing those alerts.

 

About the missing media player, that could be the case, as you said.

-----------

 

Windows XP - Outdated

I would recommend that you upgrade to the latest operating system, as Windows XP is no longer supported.

If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses. Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats. The choice is all yours.

 

===========================

 

Please do all the following steps in order.

 

Delfix

-------------

Download Delfix from here and save it to your desktop.

  • Checkmark ONLY these two:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

Please post the log contents in your next reply.

 

----------------

 

Farbar's Recovery Scan Tool

  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
C:\WINDOWS\System32\dllcache\*.tmp
EmptyTemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log in the same directory as FRST.exe called Fixlog.txt. Please copy and paste the contents of the file in your reply.

 

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

 

 

=====================================

Since you are getting threat detections in Avast and ESET, I need their scan logs.

 

Things I would like to see in your next reply.

 -ESET scan log

 -AVAST scan log

 -ComboFix log (C:\ComboFix.txt)

 -Delfix log

 -Fixlog



#6 meeshemee

meeshemee - Topic Starter

  • Members
  • 35 posts
  • Gender:Male

Posted 09 April 2017 - 10:38 AM

It won't let me run FRST.exe as administrator, but I will do the rest and post (waiting to use the computer for a bit first, because scans are always clean right AFTER deleting restore points but then they always come up as malware once new ones have been automatically made).

 

**BleepingComputer stalls when trying to post results... still trying... stalls on "saving post".**


Edited by meeshemee, 09 April 2017 - 02:09 PM.


#7 meeshemee

meeshemee - Topic Starter

  • Members
  • 35 posts
  • Gender:Male

Posted 09 April 2017 - 02:17 PM

Tried three times to reply... either it stalls on "saving post" or will not allow me to paste logs... still trying.



#8 meeshemee

meeshemee - Topic Starter

  • Members
  • 35 posts
  • Gender:Male

Posted 09 April 2017 - 02:21 PM

Apologies - will try posting each separately...

I don't know if it went through - I replied but it says it didn't.

I was wrong - ESET and Avast scans are showing malware/viruses immediately after deleting the previous restore points.
Do you want me to download ComboFix? And rescan Delfix?

Below are the logs:

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Meesh (09-04-2017 11:27:04) Run:1
Running from C:\Documents and Settings\Michelle\Desktop
Loaded Profiles: Meesh (Available Profiles: Meesh & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
C:\WINDOWS\System32\dllcache\*.tmp
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully.
ZAM => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully.
ZAM_Guard => service removed successfully.

=========== "C:\WINDOWS\System32\dllcache\*.tmp" ==========


========= End -> "C:\WINDOWS\System32\dllcache\*.tmp" ========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 42539 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/dllcache/drivers => 322296 B
Edge => 0 B
Chrome => 427008 B
Firefox => 22603715 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 0 B
All Users => 0 B
systemprofile => 0 B
LocalService => 66172 B
NetworkService => 66228 B
Michelle => 163405 B
Administrator => 249957 B

RecycleBin => 0 B
EmptyTemp: => 22.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:27:34 ====


eset results after frst:

C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039742.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039890.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039957.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0040029.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040146.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040177.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040239.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040345.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040407.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040474.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP107\A0040564.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP107\A0040594.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP109\A0040632.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
 



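As an added triage example (not part of the thread, and not code from ESET, Avast or FRST): a small Python parser for result lines in the two formats posted in this thread, the ESET "path    verdict" lines above and the avast! Antirootkit "File path:BAK  **HIDDEN**" lines, that groups hits by restore point (System Volume Information\_restore{...}\RPnnn) and separates them from any hit on a live path, which is the distinction that matters when deciding whether a detection is a cached restore-point copy or something still active. The sample lines are constructed after the posted ones; constructed_live_sample.exe is a made-up name used only to exercise the live-path branch.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Restore-point path layout exactly as it appears in the posted ESET and avast output.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)
# ESET Online Scanner line: "<path><two or more spaces><verdict>"; the path has single spaces.
ESET_RE = re.compile(r"^(?P<path>\S.*?)\s{2,}(?P<verdict>\S.*?)\s*$")
# avast! Antirootkit line: "File <path>  **HIDDEN**"; listing lines without the marker are skipped.
AVAST_RE = re.compile(r"^File (?P<path>\S.*?)\s+\*\*HIDDEN\*\*\s*$")


@dataclass(frozen=True)
class Detection:
    scanner: str
    path: str                     # as reported, including any ":stream" suffix
    verdict: str
    restore_point: Optional[str]  # e.g. "RP104", or None when the hit is on a live path
    ads_stream: Optional[str]     # e.g. "BAK" when the hit is an NTFS alternate data stream


def _make(scanner: str, path: str, verdict: str) -> Detection:
    rp = RESTORE_RE.match(path)
    # A colon after the drive letter means the scanner flagged an alternate data stream.
    stream = path[2:].split(":", 1)[1] if ":" in path[2:] else None
    return Detection(scanner, path, verdict, rp.group("rp") if rp else None, stream)


def parse_eset(lines: Iterable[str]) -> List[Detection]:
    hits = []
    for line in lines:
        m = ESET_RE.match(line.rstrip("\r\n"))
        if m and m.group("path")[1:3] == ":\\":      # keep only "X:\..." result lines
            hits.append(_make("eset", m.group("path"), m.group("verdict")))
    return hits


def parse_avast(lines: Iterable[str]) -> List[Detection]:
    hits = []
    for line in lines:
        m = AVAST_RE.match(line.rstrip("\r\n"))
        if m:
            hits.append(_make("avast", m.group("path"), "hidden file"))
    return hits


def summarize(detections: Iterable[Detection]) -> dict:
    """Group hits by restore point and separate out anything on a live path.

    Restore-point copies go away when the points are purged (the Delfix step);
    a hit outside System Volume Information is what actually needs a closer look.
    """
    per_rp = defaultdict(int)
    live, ads = [], []
    for d in detections:
        if d.restore_point:
            per_rp[d.restore_point] += 1
        else:
            live.append(d.path)
        if d.ads_stream:
            ads.append(d.path)
    return {
        "restore_points": dict(sorted(per_rp.items(), key=lambda kv: int(kv[0][2:]))),
        "restore_point_hits": sum(per_rp.values()),
        "live_hits": live,
        "ads_hits": ads,
        "needs_attention": bool(live),
    }


def triage(eset_lines: Iterable[str], avast_lines: Iterable[str]) -> dict:
    return summarize(parse_eset(eset_lines) + parse_avast(avast_lines))


# Constructed sample input modelled on the posted lines (the last ESET line is a
# made-up live-path hit added only to exercise the "needs_attention" branch).
_RP = r"C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}"
_VERDICT = "a variant of Win32/CompuTrace.B potentially unsafe application"
SAMPLE_ESET = [
    "eset results after frst:",
    _RP + r"\RP104\A0039742.exe    " + _VERDICT + "    ",
    _RP + r"\RP104\A0039890.exe    " + _VERDICT + "    ",
    _RP + r"\RP105\A0040146.exe    " + _VERDICT + "    ",
    r"C:\WINDOWS\system32\constructed_live_sample.exe    " + _VERDICT,
]
SAMPLE_AVAST = [
    "Hidden files found: 15",
    "File " + _RP + r"\RP103\A0034706.exe:BAK  **HIDDEN**",
    "File " + _RP + r"\RP104\A0039742.exe:BAK  **HIDDEN**",
    r"File C:\WINDOWS\system32",          # plain listing line, no marker: ignored
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_ESET, SAMPLE_AVAST).items():
        print(f"{key}: {value}")
```

Run against the full ESET and Avast logs from the thread, every hit would land in a restore point and needs_attention would be False; a hit in live_hits is the case worth raising.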
#9 meeshemee

meeshemee - Topic Starter

  • Members
  • 35 posts
  • Gender:Male

Posted 09 April 2017 - 02:43 PM

Set Avast to save a log of virus results but can't find it anywhere... can only find the FULL log (ALL results) and it's too long to paste, so pasting parts:

Avast report after FRST (Avast found over 15 instances (as usual) of malware or virus in "system volume information...exe:BAK" files, "severity: high.... threat: rootkit: hidden file"):

 

avast! Antirootkit, version 1.0 [Full]

Scan finished: Sunday, April 09, 2017 1:31:36 PM
Hidden files found: 15
Hidden registry items found: 119
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

Process  [0]
Process  [4]
Process C:\WINDOWS\system32\smss.exe [980]
Process C:\WINDOWS\system32\csrss.exe [1172]
Process C:\WINDOWS\system32\winlogon.exe [1404]
Process C:\WINDOWS\system32\services.exe [1544]
Process C:\WINDOWS\system32\lsass.exe [1572]
Process C:\WINDOWS\system32\svchost.exe [1816]
Process C:\WINDOWS\system32\svchost.exe [1948]
Process C:\WINDOWS\system32\svchost.exe [204]
Process C:\WINDOWS\system32\svchost.exe [304]
Process C:\WINDOWS\system32\svchost.exe [556]
Process C:\WINDOWS\system32\WLTRYSVC.EXE [696]
Process C:\WINDOWS\system32\BCMWLTRY.EXE [720]
Process C:\Program Files\AVAST Software\Avast\AvastSvc.exe [756]
Process C:\WINDOWS\explorer.exe [1028]
Process C:\WINDOWS\system32\spoolsv.exe [1308]
Process C:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe [1420]
Process C:\WINDOWS\system32\WLTRAY.EXE [1488]
Process C:\WINDOWS\system32\AESTFltr.exe [1496]
Process C:\WINDOWS\system32\hkcmd.exe [1832]
Process C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [1960]
Process C:\Program Files\AVAST Software\Avast\AvastUI.exe [804]
Process C:\Program Files\IDT\WDM\sttray.exe [840]
Process C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [960]
Process C:\WINDOWS\system32\rpcnet.exe [1516]
Process C:\Documents and Settings\Michelle\Local Settings\Application Data\FluxSoftware\Flux\flux.exe [1628]
Process C:\WINDOWS\system32\svchost.exe [752]
Process C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [1512]
Process C:\WINDOWS\system32\alg.exe [3264]
Process C:\Program Files\AVAST Software\Avast\aswidsagent.exe [3644]
Process C:\Program Files\antivius programs\esetonlinescanner_enu.exe [1756]
Process C:\Program Files\Mozilla Firefox\firefox.exe [3844]
Process C:\WINDOWS\system32\notepad.exe [3968]
Process C:\WINDOWS\system32\notepad.exe [648]
Process C:\Program Files\AVAST Software\Avast\AvastUI.exe [3952]
Process C:\WINDOWS\system32\notepad.exe [300]
VM: Intel CPU BiosDisabled
Disk 0 MBR read successfully
Disk 0 MBR scan
Disk 0 default boot code
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP103\A0034706.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP103\A0039495.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039742.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039890.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039957.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0040029.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040146.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040177.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040239.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040345.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040407.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040474.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP107\A0040564.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP107\A0040594.exe:BAK  **HIDDEN**
File C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP109\A0040632.exe:BAK  **HIDDEN**
File C:\WINDOWS\system32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof
File C:\WINDOWS\system32\wbem\AutoRecover\EDBF963FB003D0670AA9C2219BD091FB.mof
File C:\WINDOWS\system32\wbem\AutoRecover\FAAD7D567E76CAB10704AFD7C0488F23.mof
File C:\WINDOWS\system32\wbem\AutoRecover\37134956F76D3C30C9BE0C12571CAF43.mof
File C:\WINDOWS\system32\wbem\AutoRecover\CA0106054EB09C302ED3E0669F99D021.mof
File C:\WINDOWS\system32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof
File C:\WINDOWS\system32\wbem\AutoRecover\731AE1FC8C795979F40FAD645FFBAEB1.mof
File C:\WINDOWS\system32\wbem\AutoRecover\79E817BC978E2D450EB9E3794DFDA6CF.mof
File C:\WINDOWS\system32\wbem\AutoRecover\7A62FA52E22CE751514BC93BE067BC80.mof
File C:\WINDOWS\system32\wbem\AutoRecover\7BDE76979585395D59B5DA1D62E63C50.mof
File C:\WINDOWS\system32\wbem\AutoRecover\7E27EAAD25AA36FEADFF502991DFC5C1.mof
File C:\WINDOWS\system32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof
File C:\WINDOWS\system32\wbem\AutoRecover\807DD20ADF6F5D5EEA0C4E4CF016E69E.mof
File C:\WINDOWS\system32\wbem\AutoRecover\852ECCDBABE77624586E4417FE66F857.mof
File C:\WINDOWS\system32\wbem\AutoRecover\8636DC7F9479DACE6778109CB4FB4B01.mof
File C:\WINDOWS\system32\wbem\AutoRecover\88744D2A29102FC88ECF505DD2E984FC.mof
File C:\WINDOWS\system32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof
File C:\WINDOWS\system32\wbem\AutoRecover\958A50DFF8A9DF5FAEA042AC9F60815F.mof
File C:\WINDOWS\system32\wbem\AutoRecover\26D6C4EB696DD0C83F5D5BF2235000A7.mof
File C:\WINDOWS\system32\wbem\AutoRecover\2A61A823DC2C1C838EE71C4351BED0B4.mof
File C:\WINDOWS\system32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof
File C:\WINDOWS\system32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof
File C:\WINDOWS\system32\wbem\AutoRecover\2C142C4C15E3B8D139B98154CD083071.mof
File C:\WINDOWS\system32\wbem\AutoRecover\2CE64FBD51953C097BB5470043A6DAF9.mof
File C:\WINDOWS\system32\wbem\AutoRecover\2CFB5B149FA396D1AEA5F89B1C5A8D81.mof
File C:\WINDOWS\system32\wbem\AutoRecover\2DA80135BA8EC175C9B1C1598F659434.mof


File C:\WINDOWS\system32\WdfCoInstaller01009.dll

File C:\WINDOWS\system32\config\.ghost-ntfs-3g-00000000000000000001
File C:\WINDOWS\system32\config\.ghost-ntfs-3g-00000000000000000003
File C:\WINDOWS\system32\config\AppEvent.Evt
File C:\WINDOWS\system32\config\default
File C:\WINDOWS\system32\config\default.LOG
File C:\WINDOWS\system32\config\default.LOG1
File C:\WINDOWS\system32\config\default.LOG2
File C:\WINDOWS\system32\config\default.sav
File C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
File C:\WINDOWS\system32\config\Internet.evt
File C:\WINDOWS\system32\config\ODiag.evt
File C:\WINDOWS\system32\config\OSession.evt
File C:\WINDOWS\system32\config\SAM
File C:\WINDOWS\system32\config\SAM.gsbackup
File C:\WINDOWS\system32\config\SAM.LOG
File C:\WINDOWS\system32\config\SAM.LOG1
File C:\WINDOWS\system32\config\SAM.LOG2
File C:\WINDOWS\system32\config\SecEvent.Evt
File C:\WINDOWS\system32\config\SECURITY
File C:\WINDOWS\system32\config\SECURITY.LOG
File C:\WINDOWS\system32\config\Security.LOG1
File C:\WINDOWS\system32\config\Security.LOG2
File C:\WINDOWS\system32\config\software
File C:\WINDOWS\system32\config\software.LOG1
File C:\WINDOWS\system32\config\software.LOG2
File C:\WINDOWS\system32\config\software.sav
File C:\WINDOWS\system32\config\SpybotSD.evt
File C:\WINDOWS\system32\config\SysEvent.Evt
File C:\WINDOWS\system32\config\system
File C:\WINDOWS\system32\config\system.LOG
File C:\WINDOWS\system32\config\system.LOG1
File C:\WINDOWS\system32\config\system.LOG2
File C:\WINDOWS\system32\config\system.sav
File C:\WINDOWS\system32\config\systemprofile
File C:\WINDOWS\system32\config\systemprofile\Application Data
File C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\0270780F846F08BEFE0DD8112D932FEF
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\04A8EFD7566E919CDF02CF38ED1E5D38
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\0E506CEBBC8B162CFB2D72DB4891DCAE
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\1B749B72855CB97BF2F58675617C9BF9
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\207B9FD92391B9B2A60A89B4C965D5DF
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2659C1A560AB92C9C29D4B2B25815AE8
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2CBA778EDE392869AE757635237D9DDF
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2D0EAFE99DD0474CD3DF1720DC4B3759
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3D0AC26322348780E90E022EA217C58C
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\782D7E2BFB036A849A99FFA65C652D39
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\793C6836427E60E90A57B78CB7350E0D
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7BD5521448F9309F5CEB0C75890FFABC
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\889847424549FBDB7D7C39B4F673A51B
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\8A9510437CB4EEB09F4B3AC2BC980E19
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A89DFCC31C360BA5CBD616749B1B1C5D
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\AB9D858F6857D5C5A5EA3CDBB07F0CD4
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\C27229390F3F6926292942FB717A1F0F
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\4DB1DABDF57ED9997FE8DCC77E93C04F
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\50A7F06C30D66D5A8AC0763EA04098BB
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\519E5445FA4764FF41B6C528801CE286
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\570FB14ABC805C46708F32F92F10C3B4
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\5781E92BE36651A8ED64685F2F3CF507
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\616AD1AB067CFD351D6C0EF6F3E12F40
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7289FE1D584C4EDE5D8D25EE722F05D0
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\C911EABD82D65947049C32F9037AA0E0
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\D41693DAFE5DEF0C36959FF1FCEF5C96
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E48DDEA3BF68DF580551FA0F27950B54
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E665346F0BE57F34168E0A55B8020561
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\ECF3006D44DA211141391220EE5049F4
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F234AF16A662E2448E049CAD14C6D675
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F94FD5F2AAEFDB64257601230509A4E9
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\04A8EFD7566E919CDF02CF38ED1E5D38
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\0E506CEBBC8B162CFB2D72DB4891DCAE
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\1B749B72855CB97BF2F58675617C9BF9
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\207B9FD92391B9B2A60A89B4C965D5DF
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2659C1A560AB92C9C29D4B2B25815AE8
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2CBA778EDE392869AE757635237D9DDF
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2D0EAFE99DD0474CD3DF1720DC4B3759
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3D0AC26322348780E90E022EA217C58C
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\782D7E2BFB036A849A99FFA65C652D39
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\793C6836427E60E90A57B78CB7350E0D
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7BD5521448F9309F5CEB0C75890FFABC
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\889847424549FBDB7D7C39B4F673A51B
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\8A9510437CB4EEB09F4B3AC2BC980E19
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A89DFCC31C360BA5CBD616749B1B1C5D
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\AB9D858F6857D5C5A5EA3CDBB07F0CD4
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\C27229390F3F6926292942FB717A1F0F
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\4DB1DABDF57ED9997FE8DCC77E93C04F
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\50A7F06C30D66D5A8AC0763EA04098BB
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\519E5445FA4764FF41B6C528801CE286
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\570FB14ABC805C46708F32F92F10C3B4
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\5781E92BE36651A8ED64685F2F3CF507
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\616AD1AB067CFD351D6C0EF6F3E12F40
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7289FE1D584C4EDE5D8D25EE722F05D0
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\C911EABD82D65947049C32F9037AA0E0
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\D41693DAFE5DEF0C36959FF1FCEF5C96
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E48DDEA3BF68DF580551FA0F27950B54
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E665346F0BE57F34168E0A55B8020561
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F234AF16A662E2448E049CAD14C6D675
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F94FD5F2AAEFDB64257601230509A4E9
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs
File C:\WINDOWS\system32\config\systemprofile\Desktop
File C:\WINDOWS\system32\config\systemprofile\Favorites
File C:\WINDOWS\system32\config\systemprofile\Local Settings
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg\avgexp_cfg_usergui.xml
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg\AWL2015
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg\AWL2015\log
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\CrashReports
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Temp
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Temp\avastBCLTMP
File C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012013091120130912
File C:\WINDOWS\system32\config\systemprofile\Local Settings\temp
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files
File C:\WINDOWS\system32\config\systemprofile\My Documents
File C:\WINDOWS\system32\config\systemprofile\NetHood
File C:\WINDOWS\system32\config\systemprofile\ntuser.dat
File C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
File C:\WINDOWS\system32\config\systemprofile\PrintHood
File C:\WINDOWS\system32\config\systemprofile\Recent



Service .NET CLR Data [???]
Service .NET CLR Networking [???]
Service .NET CLR Networking 4.0.0.0 [???]
Service .NET Data Provider for Oracle [???]
Service .NET Data Provider for SqlServer [???]
Service .NET Memory Cache 4.0 [???]
Service .NETFramework [???]
Service Abiosdsk [C:\WINDOWS\System32\Drivers\Abiosdsk.sys]
Service abp480n5 [C:\WINDOWS\System32\Drivers\abp480n5.sys]
Service ACPI [C:\WINDOWS\system32\DRIVERS\ACPI.sys]
Service ACPIEC [C:\WINDOWS\system32\DRIVERS\ACPIEC.sys]
Service AdobeFlashPlayerUpdateSvc [C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
Service adpu160m [C:\WINDOWS\System32\Drivers\adpu160m.sys]
Service aec [C:\WINDOWS\system32\drivers\aec.sys]
Service AESTAud [C:\WINDOWS\system32\drivers\AESTAud.sys]
Service AFD [C:\WINDOWS\System32\drivers\afd.sys]
Service Aha154x [C:\WINDOWS\System32\Drivers\Aha154x.sys]
Service ahcix86 [???]
Service aic78u2 [C:\WINDOWS\System32\Drivers\aic78u2.sys]
Service aic78xx [C:\WINDOWS\System32\Drivers\aic78xx.sys]
Service Alerter [C:\WINDOWS\system32\alrsvc.dll]
Service ALG [C:\WINDOWS\System32\alg.exe]
Service AliIde [C:\WINDOWS\System32\Drivers\AliIde.sys]
Service amsint [C:\WINDOWS\System32\Drivers\amsint.sys]
Service AppMgmt [C:\WINDOWS\System32\appmgmts.dll]
Service Arp1394 [C:\WINDOWS\system32\DRIVERS\arp1394.sys]
Service asc [C:\WINDOWS\System32\Drivers\asc.sys]
Service asc3350p [C:\WINDOWS\System32\Drivers\asc3350p.sys]
Service asc3550 [C:\WINDOWS\System32\Drivers\asc3550.sys]
Service ASP.NET [???]
Service ASP.NET_1.1.4322 [???]
Service ASP.NET_2.0.50727 [???]
Service ASP.NET_4.0.30319 [???]
Service aspnet_state [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe]
Service Asset Management Daemon [C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe]
Service aswbIDSAgent [C:\Program Files\AVAST Software\Avast\aswidsagent.exe]
Service aswbidsdriver [C:\WINDOWS\system32\drivers\aswbidsdriverx.sys]
Service aswbidsh [C:\WINDOWS\system32\drivers\aswbidshx.sys]
Service aswblog [C:\WINDOWS\system32\drivers\aswblogx.sys]
Service aswbuniv [C:\WINDOWS\system32\drivers\aswbunivx.sys]
Service aswHwid [C:\WINDOWS\system32\drivers\aswHwid.sys]
Service aswMonFlt [C:\WINDOWS\system32\drivers\aswMonFlt.sys]
Service aswRdr [C:\WINDOWS\system32\drivers\aswRdr.sys]
Service aswRvrt [C:\WINDOWS\system32\drivers\aswRvrt.sys]
Service aswSnx [C:\WINDOWS\system32\drivers\aswSnx.sys]
Service aswSP [C:\WINDOWS\system32\drivers\aswSP.sys]
Service aswStmXP [C:\WINDOWS\system32\drivers\aswStmXP.sys]
Service aswTap [C:\WINDOWS\system32\DRIVERS\aswTap.sys]
Service aswVmm [C:\WINDOWS\system32\drivers\aswVmm.sys]
Service AsyncMac [C:\WINDOWS\system32\DRIVERS\asyncmac.sys]
Service atapi [C:\WINDOWS\System32\Drivers\atapi.sys]
Service Atdisk [C:\WINDOWS\System32\Drivers\Atdisk.sys]
Service Atmarpc [C:\WINDOWS\system32\DRIVERS\atmarpc.sys]
Service AudioSrv [C:\WINDOWS\System32\audiosrv.dll]
Service audstub [C:\WINDOWS\system32\DRIVERS\audstub.sys]
Service avast! Antivirus [C:\Program Files\AVAST Software\Avast\AvastSvc.exe]
Service BattC [???]
Service BCM43XX [C:\WINDOWS\system32\DRIVERS\bcmwl5.sys]
Service BCMLogon [???]
Service Beep [C:\WINDOWS\System32\Drivers\Beep.sys]
Service BITS [C:\WINDOWS\system32\qmgr.dll]
Service Bridge [C:\WINDOWS\system32\DRIVERS\bridge.sys]
Service BridgeMP [C:\WINDOWS\system32\DRIVERS\bridge.sys]
Service Browser [C:\WINDOWS\System32\browser.dll]
Service BTDriver [C:\WINDOWS\system32\DRIVERS\btport.sys]
Service BTKRNL [C:\WINDOWS\system32\DRIVERS\btkrnl.sys]
Service btwdins [C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe]
Service BTWDNDIS [C:\WINDOWS\system32\DRIVERS\btwdndis.sys]
Service BTWUSB [C:\WINDOWS\System32\Drivers\btwusb.sys]
Service catchme [C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys]
Service cbidf2k [C:\WINDOWS\System32\Drivers\cbidf2k.sys]
Service cd20xrnt [C:\WINDOWS\System32\Drivers\cd20xrnt.sys]
Service Cdaudio [C:\WINDOWS\System32\Drivers\Cdaudio.sys]
Service Cdfs [C:\WINDOWS\System32\Drivers\Cdfs.sys]
Service Cdrom [C:\WINDOWS\system32\DRIVERS\cdrom.sys]
Service Changer [C:\WINDOWS\System32\Drivers\Changer.sys]
Service CiSvc [C:\WINDOWS\system32\cisvc.exe]
Service ClipSrv [C:\WINDOWS\system32\clipsrv.exe]
Service clr_optimization_v2.0.50727_32 [c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
Service clr_optimization_v4.0.30319_32 [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe]
Service CmBatt [C:\WINDOWS\system32\DRIVERS\CmBatt.sys]
Service CmdIde [C:\WINDOWS\System32\Drivers\CmdIde.sys]
Service Compbatt [C:\WINDOWS\system32\DRIVERS\compbatt.sys]
Service COMSysApp [C:\WINDOWS\system32\dllhost.exe]
Service ContentFilter [???]
Service ContentIndex [???]
Service Cpqarray [C:\WINDOWS\System32\Drivers\Cpqarray.sys]
Service CryptSvc [C:\WINDOWS\System32\cryptsvc.dll]
Service dac2w2k [C:\WINDOWS\System32\Drivers\dac2w2k.sys]
Service dac960nt [C:\WINDOWS\System32\Drivers\dac960nt.sys]
Service DcomLaunch [C:\WINDOWS\system32\rpcss.dll]
Service Dhcp [C:\WINDOWS\System32\dhcpcsvc.dll]
Service Disk [C:\WINDOWS\system32\DRIVERS\disk.sys]
Service dmadmin [C:\WINDOWS\System32\dmadmin.exe]
Service dmboot [C:\WINDOWS\System32\drivers\dmboot.sys]
Service dmio [C:\WINDOWS\System32\drivers\dmio.sys]
Service dmload [C:\WINDOWS\System32\drivers\dmload.sys]
Service dmserver [C:\WINDOWS\System32\dmserver.dll]
Service DMusic [C:\WINDOWS\system32\drivers\DMusic.sys]
Service Dnscache [C:\WINDOWS\System32\dnsrslvr.dll]
Service Dot3svc [C:\WINDOWS\System32\dot3svc.dll]
Service dpti2o [C:\WINDOWS\System32\Drivers\dpti2o.sys]
Service drmkaud [C:\WINDOWS\system32\drivers\drmkaud.sys]
Service DTSRVC [C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe]
Service EapHost [C:\WINDOWS\System32\eapsvc.dll]
Service ERSvc [C:\WINDOWS\System32\ersvc.dll]
Service ESProtectionDriver [C:\WINDOWS\system32\drivers\mbae.sys]
Service Eventlog [C:\WINDOWS\system32\services.exe]
Service EventSystem [C:\WINDOWS\system32\es.dll]
Service Fastfat [C:\WINDOWS\System32\Drivers\Fastfat.sys]
Service FastUserSwitchingCompatibility [C:\WINDOWS\System32\shsvcs.dll]
Service Fdc [C:\WINDOWS\System32\Drivers\Fdc.sys]
Service Fips [C:\WINDOWS\System32\Drivers\Fips.sys]
Service Flpydisk [C:\WINDOWS\System32\Drivers\Flpydisk.sys]
Service FltMgr [C:\WINDOWS\system32\DRIVERS\fltMgr.sys]
Service FontCache3.0.0.0 [c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe]
Service Fs_Rec [C:\WINDOWS\System32\Drivers\Fs_Rec.sys]
Service Ftdisk [C:\WINDOWS\system32\DRIVERS\ftdisk.sys]
Service Gpc [C:\WINDOWS\system32\DRIVERS\msgpc.sys]
Service HDAudBus [C:\WINDOWS\system32\DRIVERS\HDAudBus.sys]
Service helpsvc [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll]
Service HidServ [C:\WINDOWS\System32\hidserv.dll]
Service hidusb [C:\WINDOWS\system32\DRIVERS\hidusb.sys]
Service hkmsvc [C:\WINDOWS\System32\kmsvc.dll]
Service hpn [C:\WINDOWS\System32\Drivers\hpn.sys]
Service HTTP [C:\WINDOWS\System32\Drivers\HTTP.sys]
Service HTTPFilter [C:\WINDOWS\System32\w3ssl.dll]
Service i2omgmt [C:\WINDOWS\System32\Drivers\i2omgmt.sys]
Service i2omp [C:\WINDOWS\System32\Drivers\i2omp.sys]
Service i8042prt [C:\WINDOWS\system32\DRIVERS\i8042prt.sys]
Service ialm [C:\WINDOWS\system32\DRIVERS\igxpmp32.sys]
Service iastor [C:\WINDOWS\system32\drivers\iastor.sys]
Service IDriverT [C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe]
Service idsvc [c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe]
Service Imapi [C:\WINDOWS\system32\DRIVERS\imapi.sys]
Service ImapiService [C:\WINDOWS\system32\imapi.exe]
Service inetaccs [???]
Service ini910u [C:\WINDOWS\System32\Drivers\ini910u.sys]
Service Inport [???]
Service intelppm [C:\WINDOWS\system32\DRIVERS\intelppm.sys]
Service Ip6Fw [C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys]
Service IpFilterDriver [C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys]
Service IpInIp [C:\WINDOWS\system32\DRIVERS\ipinip.sys]
Service IpNat [C:\WINDOWS\system32\DRIVERS\ipnat.sys]
Service IPSec [C:\WINDOWS\system32\DRIVERS\ipsec.sys]
Service IRENUM [C:\WINDOWS\system32\DRIVERS\irenum.sys]
Service ISAPISearch [???]
Service isapnp [C:\WINDOWS\system32\DRIVERS\isapnp.sys]
Service Kbdclass [C:\WINDOWS\system32\DRIVERS\kbdclass.sys]
Service kbdhid [C:\WINDOWS\system32\DRIVERS\kbdhid.sys]
Service kmixer [C:\WINDOWS\system32\drivers\kmixer.sys]
Service KSecDD [C:\WINDOWS\System32\Drivers\KSecDD.sys]
Service LanmanServer [C:\WINDOWS\System32\srvsvc.dll]
Service lanmanworkstation [C:\WINDOWS\System32\wkssvc.dll]
Service lbrtfdc [C:\WINDOWS\System32\Drivers\lbrtfdc.sys]
Service ldap [???]
Service LicenseService [???]
Service LmHosts [C:\WINDOWS\System32\lmhsvc.dll]
Service MBAMChameleon [C:\WINDOWS\system32\drivers\MBAMChameleon.sys]
Service MBAMProtection [C:\WINDOWS\system32\drivers\mbam.sys]
Service MBAMService [C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe]
Service MBAMSwissArmy [C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys]
Service Messenger [C:\WINDOWS\System32\msgsvc.dll]
Service mnmdd [C:\WINDOWS\System32\Drivers\mnmdd.sys]
Service mnmsrvc [C:\WINDOWS\system32\mnmsrvc.exe]
Service Modem [C:\WINDOWS\System32\Drivers\Modem.sys]
Service Mouclass [C:\WINDOWS\system32\DRIVERS\mouclass.sys]
Service mouhid [C:\WINDOWS\system32\DRIVERS\mouhid.sys]
Service MountMgr [C:\WINDOWS\System32\Drivers\MountMgr.sys]
Service MozillaMaintenance [C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe]
Service mraid35x [C:\WINDOWS\System32\Drivers\mraid35x.sys]
Service MRxDAV [C:\WINDOWS\system32\DRIVERS\mrxdav.sys]
Service MRxSmb [C:\WINDOWS\system32\DRIVERS\mrxsmb.sys]
Service MSDTC [C:\WINDOWS\system32\msdtc.exe]
Service MSDTC Bridge 3.0.0.0 [???]
Service MSDTC Bridge 4.0.0.0 [???]
Service Msfs [C:\WINDOWS\System32\Drivers\Msfs.sys]
Service MSIServer [C:\WINDOWS\system32\msiexec.exe]
Service MSKSSRV [C:\WINDOWS\system32\drivers\MSKSSRV.sys]
Service MSPCLOCK [C:\WINDOWS\system32\drivers\MSPCLOCK.sys]
Service MSPQM [C:\WINDOWS\system32\drivers\MSPQM.sys]
Service mssmbios [C:\WINDOWS\system32\DRIVERS\mssmbios.sys]
Service Mup [C:\WINDOWS\System32\Drivers\Mup.sys]
Service napagent [C:\WINDOWS\System32\qagentrt.dll]
Service NDIS [C:\WINDOWS\System32\Drivers\NDIS.sys]
Service NdisTapi [C:\WINDOWS\system32\DRIVERS\ndistapi.sys]
Service Ndisuio [C:\WINDOWS\system32\DRIVERS\ndisuio.sys]
Service NdisWan [C:\WINDOWS\system32\DRIVERS\ndiswan.sys]
Service NDProxy [C:\WINDOWS\System32\Drivers\NDProxy.sys]
Service NetBIOS [C:\WINDOWS\system32\DRIVERS\netbios.sys]
Service NetBT [C:\WINDOWS\system32\DRIVERS\netbt.sys]
Service NetDDE [C:\WINDOWS\system32\netdde.exe]
Service NetDDEdsdm [C:\WINDOWS\system32\netdde.exe]
Service Netlogon [C:\WINDOWS\system32\lsass.exe]
Service Netman [C:\WINDOWS\System32\netman.dll]
Service NetTcpPortSharing [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe]
Service NIC1394 [C:\WINDOWS\system32\DRIVERS\nic1394.sys]
Service Nla [C:\WINDOWS\System32\mswsock.dll]
Service Npfs [C:\WINDOWS\System32\Drivers\Npfs.sys]
Service Ntfs [C:\WINDOWS\System32\Drivers\Ntfs.sys]
Service NtLmSsp [C:\WINDOWS\system32\lsass.exe]
Service NtmsSvc [C:\WINDOWS\system32\ntmssvc.dll]
Service Null [C:\WINDOWS\System32\Drivers\Null.sys]
Service nvgts [???]
Service nvrd32 [???]
Service NwlnkFlt [C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys]
Service NwlnkFwd [C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys]
Service O2FLASH [C:\WINDOWS\system32\DRIVERS\o2flash.exe]
Service O2MDGRDR [C:\WINDOWS\system32\DRIVERS\o2mdg.sys]
Service O2SDGRDR [C:\WINDOWS\system32\DRIVERS\o2sdg.sys]
Service odserv [C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE]
Service ohci1394 [C:\WINDOWS\system32\DRIVERS\ohci1394.sys]
Service ose [C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE]
Service Parport [C:\WINDOWS\System32\Drivers\Parport.sys]
Service PartMgr [C:\WINDOWS\System32\Drivers\PartMgr.sys]
Service ParVdm [C:\WINDOWS\System32\Drivers\ParVdm.sys]
Service PCI [C:\WINDOWS\system32\DRIVERS\pci.sys]
Service PCIDump [C:\WINDOWS\System32\Drivers\PCIDump.sys]
Service PCIIde [C:\WINDOWS\System32\Drivers\PCIIde.sys]
Service Pcmcia [C:\WINDOWS\System32\Drivers\Pcmcia.sys]
Service PDCOMP [C:\WINDOWS\System32\Drivers\PDCOMP.sys]
Service PDFRAME [C:\WINDOWS\System32\Drivers\PDFRAME.sys]
Service PdiPorts [C:\WINDOWS\System32\Drivers\PdiPorts.sys]
Service PdiService [C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe]
Service PDRELI [C:\WINDOWS\System32\Drivers\PDRELI.sys]
Service PDRFRAME [C:\WINDOWS\System32\Drivers\PDRFRAME.sys]
Service perc2 [C:\WINDOWS\System32\Drivers\perc2.sys]
Service perc2hib [C:\WINDOWS\System32\Drivers\perc2hib.sys]
Service PerfDisk [???]
Service PerfNet [???]
Service PerfOS [???]
Service PerfProc [???]
Service Pivot [C:\WINDOWS\System32\drivers\pivot.sys]
Service pivotmou [C:\WINDOWS\System32\drivers\pivotmou.sys]
Service PlugPlay [C:\WINDOWS\system32\services.exe]
Service PolicyAgent [C:\WINDOWS\system32\lsass.exe]
Service PptpMiniport [C:\WINDOWS\system32\DRIVERS\raspptp.sys]
Service ProtectedStorage [C:\WINDOWS\system32\lsass.exe]
Service PSched [C:\WINDOWS\system32\DRIVERS\psched.sys]
Service Ptilink [C:\WINDOWS\system32\DRIVERS\ptilink.sys]
Service ql1080 [C:\WINDOWS\System32\Drivers\ql1080.sys]
Service Ql10wnt [C:\WINDOWS\System32\Drivers\Ql10wnt.sys]
Service ql12160 [C:\WINDOWS\System32\Drivers\ql12160.sys]
Service ql1240 [C:\WINDOWS\System32\Drivers\ql1240.sys]
Service ql1280 [C:\WINDOWS\System32\Drivers\ql1280.sys]
Service RasAcd [C:\WINDOWS\system32\DRIVERS\rasacd.sys]
Service RasAuto [C:\WINDOWS\System32\rasauto.dll]
Service Rasl2tp [C:\WINDOWS\system32\DRIVERS\rasl2tp.sys]
Service RasMan [C:\WINDOWS\System32\rasmans.dll]
Service RasPppoe [C:\WINDOWS\system32\DRIVERS\raspppoe.sys]
Service Raspti [C:\WINDOWS\system32\DRIVERS\raspti.sys]
Service Rdbss [C:\WINDOWS\system32\DRIVERS\rdbss.sys]
Service RDPCDD [C:\WINDOWS\System32\DRIVERS\RDPCDD.sys]
Service RDPDD [???]
Service rdpdr [C:\WINDOWS\system32\DRIVERS\rdpdr.sys]
Service RDPNP [???]
Service RDPWD [C:\WINDOWS\System32\Drivers\RDPWD.sys]
Service RDSessMgr [C:\WINDOWS\system32\sessmgr.exe]
Service redbook [C:\WINDOWS\system32\DRIVERS\redbook.sys]
Service RemoteAccess [C:\WINDOWS\System32\mprdim.dll]
Service RemoteRegistry [C:\WINDOWS\system32\regsvc.dll]
Service RpcLocator [C:\WINDOWS\system32\locator.exe]
Service rpcnet [C:\WINDOWS\system32\rpcnet.exe]
Service RpcSs [C:\WINDOWS\System32\rpcss.dll]
Service RSVP [C:\WINDOWS\system32\rsvp.exe]
Service RTLE8023xp [C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys]
Service SamSs [C:\WINDOWS\system32\lsass.exe]
Service SCardSvr [C:\WINDOWS\System32\SCardSvr.exe]
Service Schedule [C:\WINDOWS\system32\schedsvc.dll]
Service sdbus [C:\WINDOWS\system32\DRIVERS\sdbus.sys]
Service Secdrv [C:\WINDOWS\system32\DRIVERS\secdrv.sys]
Service seclogon [C:\WINDOWS\System32\seclogon.dll]
Service SENS [C:\WINDOWS\system32\sens.dll]
Service Serial [C:\WINDOWS\System32\Drivers\Serial.sys]
Service ServiceModelEndpoint 3.0.0.0 [???]
Service ServiceModelEndpoint 4.0.0.0 [???]
Service ServiceModelOperation 3.0.0.0 [???]
Service ServiceModelOperation 4.0.0.0 [???]
Service ServiceModelService 3.0.0.0 [???]
Service ServiceModelService 4.0.0.0 [???]
Service Sfloppy [C:\WINDOWS\System32\Drivers\Sfloppy.sys]
Service SharedAccess [C:\WINDOWS\System32\ipnathlp.dll]
Service ShellHWDetection [C:\WINDOWS\System32\shsvcs.dll]
Service Simbad [C:\WINDOWS\System32\Drivers\Simbad.sys]
Service sisraid4 [???]
Service SMSvcHost 3.0.0.0 [???]
Service SMSvcHost 4.0.0.0 [???]
Service SNMP [???]
Service Sparrow [C:\WINDOWS\System32\Drivers\Sparrow.sys]
Service splitter [C:\WINDOWS\system32\drivers\splitter.sys]
Service Spooler [C:\WINDOWS\system32\spoolsv.exe]
Service sr [C:\WINDOWS\system32\DRIVERS\sr.sys]
Service srservice [C:\WINDOWS\system32\srsvc.dll]
Service Srv [C:\WINDOWS\system32\DRIVERS\srv.sys]
Service SSDPSRV [C:\WINDOWS\System32\ssdpsrv.dll]
Service STacSV [c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe]
Service STHDA [C:\WINDOWS\system32\drivers\sthda.sys]
Service stisvc [C:\WINDOWS\system32\wiaservc.dll]
Service swenum [C:\WINDOWS\system32\DRIVERS\swenum.sys]
Service swmidi [C:\WINDOWS\system32\drivers\swmidi.sys]
Service SwPrv [C:\WINDOWS\system32\dllhost.exe]
Service symc810 [C:\WINDOWS\System32\Drivers\symc810.sys]
Service symc8xx [C:\WINDOWS\System32\Drivers\symc8xx.sys]
Service sym_hi [C:\WINDOWS\System32\Drivers\sym_hi.sys]
Service sym_u3 [C:\WINDOWS\System32\Drivers\sym_u3.sys]
Service sysaudio [C:\WINDOWS\system32\drivers\sysaudio.sys]
Service SysmonLog [C:\WINDOWS\system32\smlogsvc.exe]
Service TapiSrv [C:\WINDOWS\System32\tapisrv.dll]
Service Tcpip [C:\WINDOWS\system32\DRIVERS\tcpip.sys]
Service TDPIPE [C:\WINDOWS\System32\Drivers\TDPIPE.sys]
Service TDTCP [C:\WINDOWS\System32\Drivers\TDTCP.sys]
Service TermDD [C:\WINDOWS\system32\DRIVERS\termdd.sys]
Service TermService [C:\WINDOWS\System32\termsrv.dll]
Service Themes [C:\WINDOWS\System32\shsvcs.dll]
Service TlntSvr [C:\WINDOWS\system32\tlntsvr.exe]
Service TosIde [C:\WINDOWS\System32\Drivers\TosIde.sys]
Service TrkWks [C:\WINDOWS\system32\trkwks.dll]
Service TSDDD [???]
Service Udfs [C:\WINDOWS\System32\Drivers\Udfs.sys]
Service ultra [C:\WINDOWS\System32\Drivers\ultra.sys]
Service Update [C:\WINDOWS\system32\DRIVERS\update.sys]
Service upnphost [C:\WINDOWS\System32\upnphost.dll]
Service UPS [C:\WINDOWS\System32\ups.exe]
Service usb [???]
Service usbccgp [C:\WINDOWS\system32\DRIVERS\usbccgp.sys]
Service usbehci [C:\WINDOWS\system32\DRIVERS\usbehci.sys]
Service usbhub [C:\WINDOWS\system32\DRIVERS\usbhub.sys]
Service usbprint [C:\WINDOWS\system32\DRIVERS\usbprint.sys]
Service usbscan [C:\WINDOWS\system32\DRIVERS\usbscan.sys]
Service USBSTOR [C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS]
Service usbuhci [C:\WINDOWS\system32\DRIVERS\usbuhci.sys]
Service VgaSave [C:\WINDOWS\System32\drivers\vga.sys]
Service ViaIde [C:\WINDOWS\System32\Drivers\ViaIde.sys]
Service VolSnap [C:\WINDOWS\System32\Drivers\VolSnap.sys]
Service VSS [C:\WINDOWS\System32\vssvc.exe]
Service W32Time [C:\WINDOWS\system32\w32time.dll]
Service W3SVC [???]
Service Wanarp [C:\WINDOWS\system32\DRIVERS\wanarp.sys]
Service Wdf01000 [C:\WINDOWS\System32\Drivers\wdf01000.sys]
Service WDICA [C:\WINDOWS\System32\Drivers\WDICA.sys]
Service wdmaud [C:\WINDOWS\system32\drivers\wdmaud.sys]
Service WebClient [C:\WINDOWS\System32\webclnt.dll]
Service Windows Workflow Foundation 3.0.0.0 [???]
Service Windows Workflow Foundation 4.0.0.0 [???]
Service winmgmt [C:\WINDOWS\system32\wbem\WMIsvc.dll]
Service WinRM [C:\WINDOWS\system32\WsmSvc.dll]
Service Winsock [C:\WINDOWS\System32\Drivers\Winsock.sys]
Service WinSock2 [???]
Service WinTrust [???]
Service wltrysvc [C:\WINDOWS\System32\WLTRYSVC.EXE]
Service WmdmPmSN [C:\WINDOWS\system32\MsPMSNSv.dll]
Service Wmi [C:\WINDOWS\System32\advapi32.dll]
Service WmiApRpl [???]
Service WmiApSrv [C:\WINDOWS\system32\wbem\wmiapsrv.exe]
Service WMPNetworkSvc [C:\Program Files\Windows Media Player\WMPNetwk.exe]
Service WPFFontCache_v0400 [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe]
Service WS2IFSL [C:\WINDOWS\System32\drivers\ws2ifsl.sys]
Service wscsvc [C:\WINDOWS\system32\wscsvc.dll]
Service wuauserv [C:\WINDOWS\system32\wuauserv.dll]
Service WudfPf [C:\WINDOWS\system32\DRIVERS\WudfPf.sys]
Service WudfSvc [C:\WINDOWS\System32\WUDFSvc.dll]
Service WZCSVC [C:\WINDOWS\System32\wzcsvc.dll]
Service xmlprov [C:\WINDOWS\System32\xmlprov.dll]
Service {009173A0-DD39-46B5-B1EA-FB931208E17E} [???]
Service {07171AC2-0D2A-427d-BCE5-B6C2D6C7058B} [???]
Service {9F315680-8653-44D6-BE5A-DD826E9A46CD} [???]
Service {A222838C-9300-4415-BFEA-D9DFBA3077C1} [???]
Service {DBBE1544-E486-4338-93FA-79A615A21BC7} [???]
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray] Services=31  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] AppData="C:\Documents and Settings\LocalService\Application Data"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Cookies="C:\Documents and Settings\LocalService\Cookies"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Desktop="C:\Documents and Settings\LocalService\Desktop"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Favorites="C:\Documents and Settings\LocalService\Favorites"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] NetHood="C:\Documents and Settings\LocalService\NetHood"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Personal="C:\Documents and Settings\LocalService\My Documents"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] PrintHood="C:\Documents and Settings\LocalService\PrintHood"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Recent="C:\Documents and Settings\LocalService\Recent"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] SendTo="C:\Documents and Settings\LocalService\SendTo"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Start Menu="C:\Documents and Settings\LocalService\Start Menu"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Templates="C:\Documents and Settings\LocalService\Templates"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Programs="C:\Documents and Settings\LocalService\Start Menu\Programs"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Startup="C:\Documents and Settings\LocalService\Start Menu\Programs\Startup"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Local Settings="C:\Documents and Settings\LocalService\Local Settings"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Local AppData="C:\Documents and Settings\LocalService\Local Settings\Application Data"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] Cache="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] History="C:\Documents and Settings\LocalService\Local Settings\History"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons] SmallIcons=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] Recent="%USERPROFILE%\Recent"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}] Flags=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}] Version="*"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}] Flags=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}] Version="*"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}] Flags=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}] Version="*"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7584c670-2274-4efb-b00b-d6aaba6d3850}]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7584c670-2274-4efb-b00b-d6aaba6d3850}] Flags=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7584c670-2274-4efb-b00b-d6aaba6d3850}] Version="*"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}] Flags=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}] Version="*"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] User Agent="Mozilla/4.0 (compatible; MSIE; Win32)"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] MigrateProxy=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content] CacheLimit=4883759  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1] Flags=219  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2] 1A05=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap] ProxyByPass=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] Description="This zone contains all Web sites that are on your organization's intranet."  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] Flags=219  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] Description="This zone contains Web sites that you trust not to damage your computer or data."  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] CurrentLevel=65536  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1001=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1004=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1201=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1206=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1406=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1407=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1607=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1800=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1804=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1805=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1806=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1807=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1809=3  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1A00=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1A04=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1A05=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1A10=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1C00=196608  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1E05=196608  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 2101=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 2102=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 2200=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 2201=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] Description="This zone contains all Web sites you haven't placed in other zones"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] CurrentLevel=69632  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 1407=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 1601=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 1607=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] Description="This zone contains Web sites that could potentially damage your computer or data."  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 1604=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDriveTypeAutoRun=145  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @shell32.dll,-21787="Startup"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @shell32.dll,-21774="Local Settings"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\rundll32.exe="Run a DLL as an App"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @netcfgx.dll,-50001="Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks."  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @netcfgx.dll,-50015="Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services."  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @netcfgx.dll,-50002="Allows your computer to access resources on a Microsoft network."  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @netcfgx.dll,-50003="Allows other computers to access resources on your computer using a Microsoft network."  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\shell32.dll,-22021="Character Map"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\shell32.dll,-22057="Pinball"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\shell32.dll,-22030="FreeCell"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\mshearts.exe,-413="Hearts"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\shell32.dll,-22045="Minesweeper"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\shell32.dll,-22060="Solitaire"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\spider.exe,-56="Spider Solitaire"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @C:\PROGRA~1\MSNGAM~1\Windows\hrtzres.dll,-1212="Internet Hearts"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @C:\PROGRA~1\MSNGAM~1\Windows\shvlres.dll,-1212="Internet Spades"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @C:\PROGRA~1\MSNGAM~1\Windows\chkrres.dll,-1212="Internet Checkers"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @C:\PROGRA~1\MSNGAM~1\Windows\rvseres.dll,-1212="Internet Reversi"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @C:\PROGRA~1\MSNGAM~1\Windows\bckgres.dll,-1212="Internet Backgammon"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\Program Files\MSN Gaming Zone\Windows\zclientm.exe="Zone Datafile"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @C:\PROGRA~1\MOVIEM~1\wmm2res.dll,-61446="Windows Movie Maker"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @sendmail.dll,-4="Mail Recipient"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @sendmail.dll,-21="Desktop (create shortcut)"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\mmc.exe="Microsoft Management Console"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @xpsp3res.dll,-20000="Network Diagnostics for Windows XP"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\regsvr32.exe="Microsoft© Register Server"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\mshta.exe="Microsoft ® HTML Application host"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\fixmapi.exe="FIXMAPI 1.0 MAPI Repair Tool"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\odbcconf.exe="Microsoft Data Access - ODBC Driver Configuration Program"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\mstinit.exe="Task Scheduler Setup"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\Program Files\Outlook Express\setup50.exe="Outlook Express Setup Library"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\logagent.exe="Windows Media Player Logagent"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\INF\unregmp2.exe="Microsoft Windows Media Player Setup Utility"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe="PC Health Upload Manager"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\Program Files\Windows Media Player\migrate.exe="MLS Migrate DLL"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] C:\WINDOWS\system32\grpconv.exe="Windows Progman Group Converter"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\shell32.dll,-21787="Startup"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] @%SystemRoot%\system32\oobe\msoobe.exe,-2000="Activate Windows"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace] LocalBase="C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace] DTDFile="C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace] LocalDelta="C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace] RemoteDelta="C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSR.XML"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] Device="Microsoft XPS Document Writer,winspool,Ne01:"  **HIDDEN**
 


Edited by meeshemee, 09 April 2017 - 02:46 PM.


#10 Tenis

    Bleepin' FX

  • Malware Study Hall Senior
  • 1,207 posts
  • Gender:Male
  • Location:India

Posted 11 April 2017 - 02:09 PM

Hi meeshemee,

 

How is your system running now?

 

it won't let me run frst.exe as administrator 

Do you see any error? Can you describe what happens when you try to run it as administrator?

See: How to Run program as Administrator in XP?

 

 

do you want me to download combofix?? and rescan delfix?

Nope, for the time being.

 

But I still need the ComboFix log located at C:\ComboFix.txt.

Please post the contents of it.

 

I need a fresh FRST log, please do this.

 

Farbar's Recovery Scan Tool

--------------------------------

  • Double click on FRST.exe.
  • Make sure Addition.txt is checked. Then press the Scan button.
  • When completed, the tool will create logs in the same directory as FRST.exe called FRST.txt & Addition.txt. Please copy and paste the contents of the files in your reply.

------

 

Search with FRST

  • Double click on FRST.exe
  • Paste following in Search Box:
*autochk*
  • Click on Search Files and wait for the scan to finish.
  • Post the resulting log here.

Please let me know if you face any problem.

 

Regards,

Tenis
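As an added example (not part of Tenis's instructions, and not Farbar's or ComboFix's own code), here is a small Python triage script for the two log-line formats that appear in this thread: the ComboFix "Find3M Report" rows and the FRST "One Month Created files and folders" rows. It performs the same kind of case-insensitive name search that FRST's Search Files box does for *autochk*, and adds two checks a helper otherwise does by eye: numbered twins such as autochk(2).exe sitting beside autochk.exe (reporting whether the sizes match), and system32 files whose dllcache copy shares their creation minute and size, which is the footprint of a Windows component copied back from the cache, as happened here with mspaint.exe and sndvol32.exe on 2017-04-03. The sample lines are copied from the logs posted in this thread; the regular expressions are my reading of the column layout in those logs, not a published specification.

```python
import re
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import List, Optional, Tuple

# Sample input: lines copied from the ComboFix and FRST logs posted in this
# thread (not a complete log, just enough to exercise both line formats).
SAMPLE_LOG = r"""
2017-03-29 15:04 . 2013-09-11 09:53    17920    ----a-w-    c:\windows\system32\rpcnetp.exe
2017-01-24 15:36 . 2013-09-12 07:18    78032    ------w-    c:\windows\system32\rpcnet.exe
2016-12-31 21:24 . 2016-12-23 05:31    588800    ----a-w-    c:\windows\system32\autochk.exe
2016-12-30 22:49 . 2016-12-23 05:31    588800    ----a-w-    c:\windows\system32\autochk(2).exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspaint.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-04-02 22:25 - 2017-04-02 22:25 - 01766912 _____ (Farbar) C:\Documents and Settings\Michelle\Desktop\FRST.exe
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d"
# ComboFix Find3M row: "<created> . <modified>  <size|--------> <attrs> <path>"
# (column layout assumed from the logs above, not from a published spec)
COMBOFIX_RE = re.compile(rf"^({TS}) \. ({TS})\s+(\d+|-+)\s+(\S{{8}})\s+(.+?)\s*$")
# FRST created-files row: "<created> - <modified> - <size> <flags> [(Company)] <path>"
FRST_RE = re.compile(rf"^({TS}) - ({TS}) - (\d{{8}}) (\S{{5}}) (?:\(([^)]*)\) )?(.+?)\s*$")
NUMBERED_RE = re.compile(r"^(.+?)\((\d+)\)(\.[^.]*)?$")   # e.g. autochk(2).exe


@dataclass
class Entry:
    source: str              # "combofix" or "frst"
    created: str
    modified: str
    size: Optional[int]      # None for ComboFix directory rows ("--------")
    attrs: str
    company: Optional[str]   # FRST only; None when no "(Company)" was printed
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_log(text: str) -> List[Entry]:
    """Parse whichever of the two formats each line is in; skip everything else."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(Entry("combofix", created, modified,
                                 int(size) if size.isdigit() else None, attrs, None, path))
            continue
        m = FRST_RE.match(line)
        if m:
            created, modified, size, flags, company, path = m.groups()
            entries.append(Entry("frst", created, modified, int(size), flags, company, path))
    return entries


def search_files(entries: List[Entry], pattern: str) -> List[str]:
    """Same idea as FRST's 'Search Files' box: case-insensitive glob on the file name."""
    pattern = pattern.lower()
    return [e.path for e in entries if fnmatch(e.name.lower(), pattern)]


def numbered_duplicates(entries: List[Entry]) -> List[Tuple[str, str, bool]]:
    """Report 'name(N).ext' files that sit beside 'name.ext' in the same directory,
    with a flag telling whether the two sizes match (as autochk(2).exe does here)."""
    by_path = {e.path.lower(): e for e in entries}
    findings = []
    for e in entries:
        m = NUMBERED_RE.match(e.name)
        if not m:
            continue
        directory = e.path.rsplit("\\", 1)[0]
        twin = by_path.get(f"{directory}\\{m.group(1)}{m.group(3) or ''}".lower())
        if twin is not None:
            findings.append((twin.path, e.path, twin.size == e.size))
    return findings


def dllcache_restores(entries: List[Entry]) -> List[str]:
    """Pair each dllcache copy with a same-named live file created in the same
    minute with the same size: the footprint of a component copied back from the cache."""
    by_path = {e.path.lower(): e for e in entries}
    restored = []
    for e in entries:
        low = e.path.lower()
        if "\\dllcache\\" not in low:
            continue
        live = by_path.get(low.replace("\\dllcache\\", "\\"))
        if live is not None and live.created == e.created and live.size == e.size:
            restored.append(live.path)
    return restored


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for p in search_files(found, "*autochk*"):
        print("name match:", p)
    for orig, dup, same_size in numbered_duplicates(found):
        print(f"numbered copy: {dup} (same size as {orig}: {same_size})")
    for p in dllcache_restores(found):
        print("copied back from dllcache:", p)
```

Feed it a full FRST.txt or ComboFix.txt and it ignores every line that is not one of the two row formats, so the registry, service and driver sections pass through harmlessly. Note that a size match between autochk.exe and autochk(2).exe says nothing about whether the bytes are identical; it only tells you which pair to hash next.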



#11 meeshemee
  • Topic Starter
  • Members
  • 35 posts
  • Gender:Male

Posted 11 April 2017 - 04:45 PM

It won't let me run as admin because I choose not to have a PC password.

ComboFix 17-03-28.01 - Meesh 29/03/2017  13:43:31.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.2.1033.18.3033.2176 [GMT -4:00]
Running from: c:\documents and settings\Michelle\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
AV: Malwarebytes *Disabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((   Files Created from 2017-02-28 to 2017-03-29  )))))))))))))))))))))))))))))))
.
.
2017-03-29 17:06 . 2017-03-29 17:06    --------    d-----w-    c:\windows\LastGood
2017-03-29 17:05 . 2017-03-28 15:21    330256    ----a-w-    c:\windows\system32\aswBoot.exe
2017-03-28 15:22 . 2017-03-28 15:21    41176    ----a-w-    c:\windows\system32\drivers\aswbunivx.sys
2017-03-28 15:22 . 2017-03-28 15:21    41176    ----a-w-    c:\windows\system32\drivers\asw220.tmp
2017-03-28 15:22 . 2017-03-28 15:21    267528    ----a-w-    c:\windows\system32\drivers\aswblogx.sys
2017-03-28 15:22 . 2017-03-28 15:21    267528    ----a-w-    c:\windows\system32\drivers\asw21F.tmp
2017-03-28 15:22 . 2017-03-28 15:21    255184    ----a-w-    c:\windows\system32\drivers\aswbidsdriverx.sys
2017-03-28 15:22 . 2017-03-28 15:21    255184    ----a-w-    c:\windows\system32\drivers\asw21D.tmp
2017-03-28 15:22 . 2017-03-28 15:21    148208    ----a-w-    c:\windows\system32\drivers\aswbidshx.sys
2017-03-28 15:22 . 2017-03-28 15:21    148208    ----a-w-    c:\windows\system32\drivers\asw21E.tmp
2017-03-26 06:01 . 2017-03-26 06:01    148256    ----a-w-    c:\windows\system32\drivers\MBAMChameleon.sys
2017-03-26 06:01 . 2017-03-29 15:04    39360    ----a-w-    c:\windows\system32\drivers\mbam.sys
2017-03-26 06:01 . 2017-03-29 15:04    219584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-03-26 06:01 . 2017-02-24 10:23    59968    ----a-w-    c:\windows\system32\drivers\mbae.sys
2017-03-26 06:01 . 2017-03-26 06:01    --------    d-----w-    c:\program files\Malwarebytes
2017-03-10 14:59 . 2017-03-19 05:41    527816    ----a-w-    c:\program files\Mozilla Firefox\minidump-analyzer.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-29 15:04 . 2013-09-11 09:53    17920    ----a-w-    c:\windows\system32\rpcnetp.exe
2017-03-29 15:03 . 2013-09-12 07:18    78032    -c--a-w-    c:\windows\system32\rpcnet.dll
2017-03-29 15:03 . 2013-09-11 14:05    17920    -c--a-w-    c:\windows\system32\rpcnetp.dll
2017-03-28 15:21 . 2016-12-23 16:41    184208    ----a-w-    c:\windows\system32\drivers\aswStmXP.sys
2017-03-28 15:21 . 2016-12-23 16:41    184208    ----a-w-    c:\windows\system32\drivers\asw228.tmp
2017-03-28 15:21 . 2016-12-23 16:41    472760    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2017-03-28 15:21 . 2016-12-23 16:41    472760    ----a-w-    c:\windows\system32\drivers\asw226.tmp
2017-03-28 15:21 . 2016-12-23 16:41    279800    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2017-03-28 15:21 . 2016-12-23 16:41    279800    ----a-w-    c:\windows\system32\drivers\asw227.tmp
2017-03-28 15:21 . 2016-12-23 16:41    62152    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2017-03-28 15:21 . 2016-12-23 16:41    62152    ----a-w-    c:\windows\system32\drivers\asw225.tmp
2017-03-28 15:21 . 2016-12-23 16:41    34136    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2017-03-28 15:21 . 2016-12-23 16:41    34136    ----a-w-    c:\windows\system32\drivers\asw223.tmp
2017-03-28 15:21 . 2016-12-23 16:41    106904    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2017-03-28 15:21 . 2016-12-23 16:41    106904    ----a-w-    c:\windows\system32\drivers\asw224.tmp
2017-03-28 15:21 . 2016-12-23 16:41    60760    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2017-03-28 15:21 . 2016-12-23 16:41    60760    ----a-w-    c:\windows\system32\drivers\asw222.tmp
2017-03-28 15:21 . 2016-12-23 16:41    764064    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2017-03-28 15:21 . 2016-12-23 16:41    764064    ----a-w-    c:\windows\system32\drivers\asw221.tmp
2017-03-21 15:34 . 2016-03-11 02:32    802904    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2017-03-21 15:34 . 2016-03-11 02:32    144472    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2017-01-24 15:36 . 2013-09-12 07:18    78032    ------w-    c:\windows\system32\rpcnet.exe
2016-12-31 21:24 . 2016-12-23 05:31    588800    ----a-w-    c:\windows\system32\autochk.exe
2016-12-30 22:49 . 2016-12-23 05:31    588800    ----a-w-    c:\windows\system32\autochk(2).exe
2013-09-25 23:19 . 2013-09-25 23:19    936168    -c--a-w-    c:\program files\SaveAsPDF.exe
2013-09-25 23:11 . 2013-09-25 23:11    956344    -c--a-w-    c:\program files\SaveAsPDFandXPS.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-28 15:21    1208704    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-20 729088]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-03-28 213824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-18 178712]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Flux.lnk - c:\documents and settings\Michelle\Local Settings\Application Data\FluxSoftware\Flux\flux.exe [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuatoCalibrationLoader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk
backup=c:\windows\pss\QuatoCalibrationLoader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Michelle\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-09-12 09:43    959176    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09    2565520    ----a-w-    c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 21:06    1612920    ----a-w-    c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2017-03-03 18:10    7348440    ----a-w-    c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT VSC]
2012-09-26 15:14    123248    -c--a-w-    c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2006-10-26 23:48    434528    ----a-w-    c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-12-18 18:28    178712    -c--a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-18 18:28    150040    -c--a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40    218032    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-18 18:28    150040    -c--a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"mnmsrvc"=3 (0x3)
"stllssvr"=3 (0x3)
"STacSV"=2 (0x2)
"rpcnet"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"PdiService"=2 (0x2)
"wuauserv"=2 (0x2)
"Messenger"=3 (0x3)
"rpcnetp"=2 (0x2)
"O2FLASH"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Asset Management Daemon"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswbidsh;aswbidsh;\SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys [?]
R0 aswblog;aswblog;\SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys [?]
R0 aswbuniv;aswbuniv;\SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys [?]
R0 aswRvrt;aswRvrt;\SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys [?]
R0 aswVmm;aswVmm;\SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys [?]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [28/03/2017 11:22 AM 255184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/12/2016 12:41 PM 764064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/12/2016 12:41 PM 472760]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23/12/2016 12:41 PM 106904]
R2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [26/03/2017 2:01 AM 148256]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [26/03/2017 2:01 AM 3303888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/09/2013 10:16 AM 112512]
R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [23/12/2016 12:41 PM 184208]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [26/03/2017 2:01 AM 219584]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [11/09/2013 2:58 PM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [11/09/2013 2:58 PM 41760]
S1 ZAM;ZAM Helper Driver;\??\c:\windows\System32\drivers\zam32.sys --> c:\windows\System32\drivers\zam32.sys [?]
S1 ZAM_Guard;ZAM Guard Driver;\??\c:\windows\System32\drivers\zamguard32.sys --> c:\windows\System32\drivers\zamguard32.sys [?]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [28/03/2017 11:21 AM 5758120]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [23/12/2016 12:41 PM 34136]
S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [04/07/2014 5:33 PM 35144]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [26/03/2017 2:01 AM 39360]
S4 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [24/04/2014 11:31 PM 123248]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWBIDSAGENT
*NewlyCreated* - ASWBIDSDRIVER
*NewlyCreated* - ASWBIDSH
*NewlyCreated* - ASWBLOG
*NewlyCreated* - ASWBUNIV
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 15:17    1106072    ----a-w-    c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 15:34]
.
2017-03-29 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-28 15:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 209.197.128.2 209.197.128.5
FF - ProfilePath - c:\documents and settings\Michelle\Application Data\Mozilla\Firefox\Profiles\i2kwq7w8.default-1480308880781\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mbamchameleon
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-03-29 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\ACPI\DLL02BC\4&ff861e6&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
   00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
   00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\HID\Vid_0a5c&Pid_4503&Col01\7&1ec1a91e&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1208)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2017-03-29  13:48:49
ComboFix-quarantined-files.txt  2017-03-29 17:48
.
Pre-Run: 100,338,782,208 bytes free
Post-Run: 100,523,913,216 bytes free
.
- - End Of File - - 98FD4D219D4B1E81F05B0D68DBDF7C96
8F558EB6672622401DA993E1E865C861

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Meesh (administrator) on MEESH (11-04-2017 17:35:45)
Running from C:\Documents and Settings\Michelle\Desktop
Loaded Profiles: Meesh (Available Profiles: Meesh & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
(Flux Software LLC) C:\Documents and Settings\Michelle\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2220032 2008-10-24] (Dell Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [729088 2009-02-20] (Andrea Electronics Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-03-30] (AVAST Software)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2009-02-20] (IDT, Inc.)
HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-30] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Flux.lnk [2014-04-25]
ShortcutTarget: Flux.lnk -> C:\Documents and Settings\Michelle\Local Settings\Application Data\FluxSoftware\Flux\flux.exe (Flux Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.197.128.2 209.197.128.5
Tcpip\..\Interfaces\{DBBE1544-E486-4338-93FA-79A615A21BC7}: [DhcpNameServer] 209.197.128.2 209.197.128.5

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-602162358-706699826-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-602162358-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-602162358-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\S-1-5-21-602162358-706699826-1801674531-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468 [2017-04-11]
FF Extension: (Disconnect) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Adguard AdBlocker) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\adguardadblocker@adguard.com.xpi [2017-03-31]
FF Extension: (Popup Blocker Ultimate) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-04-03]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-03-31]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\akwq3ash.default-1490933745468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-31]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Program Files\Mozilla Firefox\browser\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)

Chrome:
=======
CHR Profile: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-10]
CHR Extension: (Google Drive) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-14]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-03-10]
CHR Extension: (YouTube) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-14]
CHR Extension: (Disconnect) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2017-04-01]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Asset Management Daemon; C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [114688 2008-02-13] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-03-29] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-03-30] (AVAST Software)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [139632 2012-09-26] (Portrait Displays, Inc.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S4 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72224 2009-01-08] (O2Micro International)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [123248 2012-09-18] (Portrait Displays, Inc.)
R2 rpcnet; C:\WINDOWS\system32\rpcnet.exe [78032 2017-01-24] (Absolute Software Corp.)
R2 STacSV; c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe [249938 2009-02-20] (IDT, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1961984 2008-10-24] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [112512 2009-02-20] (Andrea Electronics Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255184 2017-03-29] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [148208 2017-03-29] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [267528 2017-03-29] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [41176 2017-03-29] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-03-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [106904 2017-03-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60760 2017-03-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-03-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [764064 2017-03-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [472760 2017-03-30] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184208 2017-03-30] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-07-04] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [279800 2017-03-30] (AVAST Software)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2008-10-24] (Broadcom Corporation)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-04-01] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-03-29] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-04-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220088 2017-04-11] (Malwarebytes)
R3 O2MDGRDR; C:\WINDOWS\System32\DRIVERS\o2mdg.sys [51616 2009-01-08] (O2Micro )
R3 O2SDGRDR; C:\WINDOWS\System32\DRIVERS\o2sdg.sys [41760 2009-01-08] (O2Micro )
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17136 2010-05-14] (Portrait Displays, Inc.)
S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.) [File not signed]
S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1548339 2009-02-20] (IDT, Inc.)
S3 catchme; \??\C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-09 15:34 - 2017-04-09 15:44 - 00142626 _____ C:\Documents and Settings\Michelle\Desktop\AVAST ONLY.txt
2017-04-09 15:05 - 2017-04-09 15:05 - 00981540 _____ C:\Documents and Settings\Michelle\Desktop\allscanresults.txt
2017-04-09 13:09 - 2017-04-09 13:09 - 00004162 _____ C:\Documents and Settings\Michelle\Desktop\eset.txt
2017-04-09 11:27 - 2017-04-09 11:27 - 00015214 _____ C:\Documents and Settings\Michelle\Desktop\Fixlog.txt
2017-04-09 11:23 - 2017-04-09 11:23 - 00001311 ____C C:\DelFix.txt
2017-04-09 11:22 - 2017-04-09 11:22 - 00797760 _____ C:\Documents and Settings\Michelle\Desktop\delfix_1.013.exe
2017-04-09 02:24 - 2017-04-09 02:24 - 04098280 _____ C:\Documents and Settings\Michelle\Desktop\bookmarks_04_09.html
2017-04-05 17:33 - 2017-04-05 17:37 - 00038416 _____ C:\Documents and Settings\Michelle\Desktop\Addition.txt
2017-04-03 02:38 - 2017-04-03 02:38 - 00000900 _____ C:\Documents and Settings\Michelle\Desktop\Shortcut to month APRIL.docx.lnk
2017-04-03 00:58 - 2008-04-14 05:42 - 00539136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dialer.exe
2017-04-03 00:58 - 2008-04-14 05:42 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\accwiz.exe
2017-04-03 00:58 - 2008-04-14 05:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\accwiz.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00347136 _____ (Hilgraeve, Inc.) C:\WINDOWS\system32\hypertrm.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspaint.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avtapi.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\avtapi.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00214528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wordpad.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00131584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sndrec32.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sndrec32.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mplay32.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mplay32.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\calc.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avwav.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\avwav.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00068608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\access.cpl
2017-04-03 00:58 - 2008-04-13 19:00 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\access.cpl
2017-04-03 00:58 - 2008-04-13 19:00 - 00044544 _____ (Hilgraeve, Inc.) C:\WINDOWS\system32\hticons.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avmeter.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\avmeter.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00013312 ____C (Hilgraeve, Inc.) C:\WINDOWS\system32\dllcache\htrn_jis.dll
2017-04-03 00:58 - 2008-04-13 19:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\write.exe
2017-04-03 00:58 - 2008-04-13 19:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\write.exe
2017-04-03 00:58 - 2001-08-17 22:37 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winchat.exe
2017-04-03 00:58 - 2001-08-17 22:37 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winchat.exe
2017-04-02 23:40 - 2001-08-17 22:36 - 00138752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sndvol32.exe
2017-04-02 23:40 - 2001-08-17 22:36 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe
2017-04-02 22:26 - 2017-04-11 17:35 - 00012445 _____ C:\Documents and Settings\Michelle\Desktop\FRST.txt
2017-04-02 22:25 - 2017-04-11 17:35 - 00000000 ___DC C:\FRST
2017-04-02 22:25 - 2017-04-02 22:25 - 01766912 _____ (Farbar) C:\Documents and Settings\Michelle\Desktop\FRST.exe
2017-04-02 21:34 - 2017-04-02 21:34 - 00000000 ____D C:\WINDOWS\system32\vmm32
2017-04-01 22:13 - 2017-04-11 02:49 - 00032546 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-01 21:53 - 2017-04-01 21:53 - 00303298 _____ C:\Documents and Settings\Administrator\Desktop\MalwareBytes 3.0 Web Protection not working - Malwarebytes 3.0 - Malwarebytes Forums.htm
2017-04-01 21:53 - 2017-04-01 21:53 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\MalwareBytes 3.0 Web Protection not working - Malwarebytes 3.0 - Malwarebytes Forums_files
2017-04-01 21:01 - 2017-04-01 21:01 - 00000788 _____ C:\Documents and Settings\Michelle\Start Menu\Programs\Windows Media Player.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-03-31 00:15 - 2017-03-31 00:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-30 18:40 - 2017-03-30 18:40 - 00330256 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-29 17:48 - 2017-03-29 17:48 - 00000000 ____D C:\Documents and Settings\Michelle\Application Data\AVAST Software
2017-03-29 17:42 - 2017-03-29 17:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVAST Software
2017-03-29 17:41 - 2017-03-29 17:41 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2017-03-29 17:41 - 2017-03-29 17:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2017-03-29 17:40 - 2017-03-30 18:40 - 00764064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00472760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00279800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00184208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00106904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00060760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-03-29 17:40 - 2017-03-30 18:40 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-29 17:38 - 2017-03-29 17:38 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-29 16:32 - 2017-03-29 16:32 - 00000039 _____ C:\Documents and Settings\Administrator\Stats.ini
2017-03-29 16:03 - 2017-04-02 23:41 - 00005120 ___SH C:\WINDOWS\system32\Thumbs.db
2017-03-29 15:08 - 2017-03-29 15:13 - 00000000 ___DC C:\ec53926f308986d76f54f65028
2017-03-29 13:48 - 2017-04-11 17:36 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\temp
2017-03-29 13:48 - 2017-04-09 11:27 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-03-29 13:48 - 2017-03-29 13:48 - 00015210 ____C C:\ComboFix.txt
2017-03-29 13:48 - 2017-03-29 13:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-03-29 13:39 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-03-29 13:39 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-03-29 13:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-03-29 13:39 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-03-29 13:37 - 2017-03-29 13:48 - 00000000 ___DC C:\Qoobox
2017-03-29 13:37 - 2017-03-29 13:47 - 00000000 ____D C:\WINDOWS\erdnt
2017-03-29 12:18 - 2017-03-29 12:18 - 00000000 ____D C:\Documents and Settings\Michelle\Desktop\passport
2017-03-28 11:22 - 2017-04-11 13:47 - 00000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-03-28 11:22 - 2017-03-29 17:40 - 00267528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00255184 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00148208 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-03-28 11:22 - 2017-03-29 17:40 - 00041176 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-03-26 02:01 - 2017-04-11 13:48 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-26 02:01 - 2017-04-08 16:52 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-26 02:01 - 2017-04-01 19:21 - 00059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-03-26 02:01 - 2017-03-29 13:54 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-26 02:01 - 2017-03-26 02:01 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-03-26 02:01 - 2017-03-26 02:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-26 02:01 - 2017-03-26 02:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-03-23 12:57 - 2017-03-23 12:59 - 00012419 _____ C:\Documents and Settings\Michelle\Desktop\VOLUNTEER comparison.xlsx
2017-03-23 12:11 - 2017-03-23 12:11 - 08670089 _____ C:\Documents and Settings\Michelle\Desktop\maximonivel_volunteer.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-11 17:34 - 2017-01-19 19:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-11 17:33 - 2015-12-28 02:27 - 00013824 ___SH C:\WINDOWS\Thumbs.db
2017-04-11 13:47 - 2013-09-12 03:18 - 00078032 ____C (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2017-04-11 13:47 - 2013-09-11 10:05 - 00017920 ____C C:\WINDOWS\system32\rpcnetp.dll
2017-04-11 13:47 - 2013-09-11 05:53 - 00017920 ____C C:\WINDOWS\system32\rpcnetp.exe
2017-04-11 13:47 - 2008-04-13 19:00 - 00002206 ____C C:\WINDOWS\system32\wpa.dbl
2017-04-11 13:46 - 2013-09-11 10:05 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-04-11 02:49 - 2013-09-11 10:08 - 00000178 __SHC C:\Documents and Settings\Michelle\ntuser.ini
2017-04-11 02:49 - 2013-09-11 10:08 - 00000000 ____D C:\Documents and Settings\Michelle
2017-04-10 23:14 - 2013-09-13 23:18 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\BOOKS
2017-04-09 19:49 - 2016-12-23 01:43 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-04-09 11:27 - 2013-09-11 05:48 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-04-06 20:25 - 2013-09-11 15:06 - 00000000 ___RD C:\Documents and Settings\Michelle\My Documents\My Videos
2017-04-04 18:52 - 2016-12-03 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-04-04 14:23 - 2014-07-27 22:16 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\KNITTING
2017-04-04 03:34 - 2017-02-22 02:32 - 00000000 ___DC C:\AdwCleaner
2017-04-03 19:05 - 2016-01-24 16:52 - 00000000 ____D C:\Program Files\antivius programs
2017-04-03 01:06 - 2013-09-11 05:48 - 00000000 ____D C:\WINDOWS\security
2017-04-03 00:58 - 2013-09-11 09:59 - 00000000 ____D C:\Program Files\Windows NT
2017-04-03 00:58 - 2013-09-11 05:55 - 00604180 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-03 00:58 - 2013-09-11 05:48 - 00000000 ____D C:\WINDOWS\Help
2017-04-03 00:58 - 2013-09-11 05:48 - 00000000 ____D C:\WINDOWS\Cursors
2017-04-02 23:50 - 2014-10-01 11:36 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\computers_mice_software_hardware how to's
2017-04-02 23:24 - 2013-09-11 10:16 - 00000000 ____D C:\Program Files\IDT
2017-04-02 23:24 - 2013-09-11 10:11 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2017-04-02 21:54 - 2016-11-05 13:10 - 00001129 _____ C:\WINDOWS\UPGRADE.TXT
2017-04-02 21:54 - 2016-11-05 13:10 - 00000000 ____D C:\WINDOWS\setup.pss
2017-04-02 17:02 - 2014-03-30 08:28 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-04-02 13:48 - 2014-06-25 16:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-04-02 12:03 - 2013-09-11 10:08 - 00000000 ___RD C:\Documents and Settings\Michelle\My Documents
2017-04-02 11:50 - 2017-03-07 03:14 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\credit check
2017-04-01 21:26 - 2014-03-30 08:28 - 00000000 ____D C:\Documents and Settings\Administrator
2017-03-31 00:15 - 2016-10-21 00:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-30 23:54 - 2013-09-13 23:09 - 00000000 ____D C:\Documents and Settings\Michelle\Application Data\Mozilla
2017-03-30 18:46 - 2013-09-13 23:19 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\JOBS STUFF
2017-03-30 18:41 - 2013-09-11 05:48 - 00000000 ___HD C:\WINDOWS\inf
2017-03-30 17:17 - 2013-09-13 23:22 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\model releases & contracts
2017-03-29 19:38 - 2013-09-11 10:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-03-29 17:22 - 2016-12-31 15:43 - 00000000 ___DC C:\Program Files\CC Cleaner backups
2017-03-29 17:19 - 2014-06-13 21:19 - 00000239 ___SH C:\boot.ini
2017-03-29 17:19 - 2013-09-13 23:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-03-29 14:19 - 2013-09-11 16:27 - 00000000 ____D C:\WINDOWS\ie8updates
2017-03-29 13:47 - 2008-04-13 19:00 - 00000227 ____C C:\WINDOWS\system.ini
2017-03-29 12:17 - 2013-09-11 10:08 - 00000000 ___RD C:\Documents and Settings\Michelle\My Documents\My Pictures
2017-03-29 11:51 - 2013-10-27 10:54 - 00222720 ____C C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-28 00:49 - 2013-09-13 23:18 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\CALENDARS...card pics
2017-03-21 16:10 - 2015-11-10 11:30 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\account invoices_receipts
2017-03-21 11:34 - 2016-03-10 22:32 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-03-21 11:34 - 2016-03-10 22:32 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-03-21 11:34 - 2013-09-13 23:53 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\Application Data\Adobe
2017-03-21 11:34 - 2013-09-11 10:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-20 21:35 - 2014-07-28 15:32 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\recipes
2017-03-15 21:10 - 2016-11-05 13:46 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-03-15 01:19 - 2014-03-21 19:55 - 00000000 ____D C:\Documents and Settings\Michelle\Local Settings\Application Data\Temp
2017-03-13 18:59 - 2016-08-18 10:09 - 00000000 ____D C:\Documents and Settings\Michelle\My Documents\APTS

==================== Files in the root of some directories =======

2013-09-25 19:19 - 2013-09-25 19:19 - 0936168 ____C (Microsoft Corporation) C:\Program Files\SaveAsPDF.exe
2013-09-25 19:11 - 2013-09-25 19:11 - 0956344 ____C (Microsoft Corporation) C:\Program Files\SaveAsPDFandXPS.exe
2014-04-24 23:25 - 2014-04-24 23:25 - 0000460 ___HC () C:\Documents and Settings\Michelle\Application Data\iColorDisplay3.lic
2014-04-24 23:25 - 2014-04-24 23:25 - 0000606 ____C () C:\Documents and Settings\Michelle\Application Data\iColorDisplay3.prefs
2013-10-27 10:54 - 2017-03-29 11:51 - 0222720 ____C () C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-02 22:00 - 2017-04-02 22:00 - 0087871 _____ () C:\Documents and Settings\Michelle\Local Settings\Application Data\FASTWiz.log
2014-04-24 23:17 - 2014-04-24 23:17 - 0000131 ____C () C:\Documents and Settings\Michelle\Local Settings\Application Data\fusioncache.dat
2013-11-14 14:30 - 2013-11-14 14:30 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jazz
2013-11-14 14:31 - 2013-11-14 14:31 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jazz Kit
2013-11-14 14:30 - 2013-11-14 14:30 - 0000268 __RHC () C:\Documents and Settings\All Users\Application Data\Jingles
2013-11-14 14:30 - 2013-11-14 14:30 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
2013-11-14 14:31 - 2013-11-14 14:42 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
2013-11-14 14:30 - 2014-02-11 20:58 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
2013-11-14 14:30 - 2014-02-11 20:59 - 0000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Meesh (11-04-2017 17:36:29)
Running from C:\Documents and Settings\Michelle\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-09-11 14:04:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-602162358-706699826-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-602162358-706699826-1801674531-1010 - Limited - Enabled)
Guest (S-1-5-21-602162358-706699826-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-602162358-706699826-1801674531-1000 - Limited - Disabled)
Meesh (S-1-5-21-602162358-706699826-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Michelle
SUPPORT_388945a0 (S-1-5-21-602162358-706699826-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
Canon MG4100 series On-screen Manual (HKLM\...\Canon MG4100 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
f.lux (HKU\S-1-5-21-602162358-706699826-1801674531-1003\...\Flux) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6147.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version:  - )
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}) (Version: 2.0.03 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.03 - O2Micro International LTD.) Hidden
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.15 - Nikon)
Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
SDK (Version: 1.41.070 - Portrait Displays, Inc.) Hidden
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.2 - Nikon)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3400 - Dell)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\WINDOWS\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-602162358-706699826-1801674531-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Michelle\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2013-09-11 14:53 - 2008-10-24 13:00 - 00024064 ____C () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-09-11 14:53 - 2008-10-24 13:00 - 00753664 ____C () C:\WINDOWS\System32\bcm1xsup.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-11 13:49 - 2017-04-11 13:49 - 05918208 _____ () C:\Program Files\AVAST Software\Avast\defs\17041104\algo.dll
2008-04-13 19:00 - 2014-02-05 04:55 - 00562688 ____C () C:\WINDOWS\system32\qedit.dll
2008-04-13 19:00 - 2013-01-02 02:49 - 01292288 ____C () C:\WINDOWS\system32\quartz.dll
2008-04-13 19:00 - 2008-04-13 19:00 - 00059904 ____C () C:\WINDOWS\system32\devenum.dll
2008-04-13 19:00 - 2008-04-13 19:00 - 00014336 ____C () C:\WINDOWS\system32\msdmo.dll
2007-07-31 02:26 - 2007-07-31 02:26 - 00207344 ____C () C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
2013-09-11 14:53 - 2008-10-24 13:00 - 00143360 ____C () C:\WINDOWS\system32\preflib.dll
2017-03-29 17:40 - 2017-03-29 17:40 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-26 02:01 - 2017-04-01 19:21 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-03-30 18:40 - 2017-03-30 18:40 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2017-03-21 11:34 - 2017-03-21 11:34 - 20078680 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 19:00 - 2017-03-29 13:47 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-602162358-706699826-1801674531-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.197.128.2 - 209.197.128.5
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuatoCalibrationLoader.lnk => C:\WINDOWS\pss\QuatoCalibrationLoader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DT VSC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -VSC
MSCONFIG\startupreg: DWQueuedReporting => "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Disabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Disabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management

==================== Restore Points =========================

09-04-2017 11:23:20 System Checkpoint
09-04-2017 11:23:21 good
09-04-2017 11:23:21 Installed Windows XP Wdf01009.
09-04-2017 11:23:21 Software Distribution Service 3.0
09-04-2017 11:23:21 Software Distribution Service 3.0
09-04-2017 11:23:22 Software Distribution Service 3.0
09-04-2017 11:23:22 good after anti& registry
09-04-2017 11:23:22 System Checkpoint
09-04-2017 11:23:22 Installed Windows XP Wdf01009.
09-04-2017 11:23:23 System Checkpoint
09-04-2017 11:23:23 System Checkpoint
09-04-2017 11:23:24 Configured IDT Audio
09-04-2017 11:23:24 System Checkpoint
09-04-2017 11:23:24 System Checkpoint
09-04-2017 11:23:24 System Checkpoint
09-04-2017 11:23:29 End of disinfection
09-04-2017 11:27:08 Restore Point Created by FRST
11-04-2017 02:13:04 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1397 WLAN Mini-Card
Description: Dell Wireless 1397 WLAN Mini-Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth LAN Access Server Driver
Description: Bluetooth LAN Access Server Driver
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BTWDNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2017 01:52:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.2.6291, faulting module mozglue.dll, version 52.0.2.6291, fault address 0x0000f76f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/05/2017 10:24:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.2.6291, faulting module mozglue.dll, version 52.0.2.6291, fault address 0x0000f76f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/04/2017 03:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.2.6291, faulting module mozglue.dll, version 52.0.2.6291, fault address 0x0000f76f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/01/2017 01:55:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.2.6291, faulting module mozglue.dll, version 52.0.2.6291, fault address 0x0000f76f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/29/2017 03:08:28 PM) (Source: VSSetup) (EventID: 5000) (User: )
Description: EventType vssetup, P1 kb2898855v2, P2 10.0.30319, P3 10.0.30319.1022, P4 1, P5 ndp40-kb2898855.msp, P6 install_i_silent_error, P7 1603, P8 0, P9 processassembly, P10 NIL.

Error: (03/29/2017 03:08:27 PM) (Source: MsiInstaller) (EventID: 1023) (User: MEESH)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2898855v2' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Michelle\LOCALS~1\Temp\KB2898855v2_20170329_150448093-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (03/29/2017 03:07:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: MEESH)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.

Error: (03/29/2017 02:39:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Error: (03/29/2017 02:28:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/26/2017 01:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 52.0.1.6284, faulting module mozglue.dll, version 52.0.1.6284, fault address 0x0000f74f.
Processing media-specific event for [firefox.exe!ws!]


System errors:
=============
Error: (04/11/2017 01:46:44 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/10/2017 10:41:54 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/10/2017 03:35:26 AM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/08/2017 09:49:17 AM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/06/2017 04:18:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/06/2017 04:18:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Malwarebytes Service service to connect.

Error: (04/06/2017 10:26:00 AM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/04/2017 08:47:24 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/04/2017 11:27:02 AM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/03/2017 03:55:32 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 57%
Total physical RAM: 3032.88 MB
Available physical RAM: 1288.27 MB
Total Virtual: 10871.61 MB
Available Virtual: 9291.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:88.76 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Meesh (11-04-2017 17:41:42)
Running from C:\Documents and Settings\Michelle\Desktop
Boot Mode: Normal

================== Search Files: "*autochk*" =============

C:\WINDOWS\system32\autochk.exe
[2016-12-23 01:31][2016-12-31 17:24] 0588800 ____A (Microsoft Corporation) 23043C91A0F9DFB4B9E9F87B680863B4 [File is digitally signed]

C:\WINDOWS\system32\dllcache\autochk.exe
[2016-12-23 01:31][2016-12-31 17:24] 0588800 ___AC (Microsoft Corporation) 23043C91A0F9DFB4B9E9F87B680863B4 [File is digitally signed]

C:\Documents and Settings\Michelle\My Documents\system restore and autochk virus daily.docx
[2016-12-05 12:54][2016-12-05 17:49] 0011836 ____A () 5A32AAB08D5A7C64FA5BCEE0ADC5C7A6 [File not signed]

====== End of Search ======

 



#12 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,207 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:40 PM

Posted 13 April 2017 - 03:54 PM

Please hold on a bit, we are working on the log.



#13 meeshemee

meeshemee
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 AM

Posted 13 April 2017 - 04:35 PM

no problem (not sure if it's relevant but i have uninstalled and reinstalled avast numerous times and it doesn't help the findings).

thanks.



#14 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,207 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:40 PM

Posted 14 April 2017 - 02:46 PM

Hi,

 

After working on your log we see no malware on your computer.

These restore points are created by rpcnet, which is present on your computer. What ESET and Avast detect as malware regarding Computrace may be a false positive. So you shouldn't worry about this, as it will not harm your computer.

 

I will try to explain this to you.

rpcnet is a legitimate program which is installed on your computer. It is software belonging to the LoJack company, which is used to track a device in case of theft. This program is the reason why those restore points are showing as malware. It creates restore points on its own after you delete the old ones.
You may ask why it is happening now. If you have been using Avast previously, then maybe Avast and ESET have added it to their definitions now; that's why they are detecting it now.
 
Nothing to worry about; it should not do anything more than creating restore points. So you can ignore the alert, as these are related to Computrace.
By the way, do you only see these alerts on scanning and not on Real-Time Protection?
 
As this is a legitimate program, we shouldn't remove it.
 
=================
To be sure:
I'd like you to scan your machine with ESET OnlineScan:
  • Check qy7AMI8.jpg (if available) and click on the ePL5oyv.jpg button.
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
 
c4VVzVO.png
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
 
yKulboi.jpg
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8L8IBHJ.png
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
imxEgHt.png
  • Push the cRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScanLog.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and then close the application by clicking the X in the upper right corner.

 

Regards,

Tenis



#15 meeshemee

meeshemee
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 AM

Posted 15 April 2017 - 10:56 AM

hello tenis,

 

yes but along with them possibly adding this to their databases (i never had any of these problems until recently), my computer is also acting weird. sometimes on word when i click save, the font on the screen turns huge/magnified for a split second before going back to normal, sometimes windows components disappear (paint, volume, media player). (i doubt it's related but also recently my 'plugin container' crashes on an hourly basis; the computer tells me that i do not have the recovery console or autochk/chkdsk installed so i did it via the disc but it still says i don't)...

 

it just seems to me that in the past few months my computer is acting strangely and i thought it was related to the fact that i accidentally had popup blocker off and got a series of hundreds of popups in a few minutes.. but if you say there's nothing i guess there's nothing i can do - i'm not much of an expert so i thought these things all might have to do with a virus/malware.  is there no way to uninstall the lojack program - my computer has not been stolen in the almost 10 years i have had it and i highly doubt it will occur so i don't need this program.

 

{i would do a fresh install from scratch with the discs to make sure everything's running smoothly but i have changed my motherboard to one with a different brand graphics card and i'm afraid to try and i have heard of problems with microsoft with regards to registering copies of xp (even with the legit os discs)}.

 

if none of this is virus-related i apologize and thank you for all of your effort.

 

eset results:

 

C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039742.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039890.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0039957.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP104\A0040029.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040146.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040177.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP105\A0040239.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040345.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040407.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP106\A0040474.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP107\A0040564.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP107\A0040594.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP109\A0040632.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP109\A0041632.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP109\A0041654.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP109\A0041711.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP110\A0041776.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP110\A0042776.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP110\A0042912.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP111\A0043015.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP112\A0043072.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP113\A0043136.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
C:\System Volume Information\_restore{432B7F42-79F8-4AAD-A7F8-2374DB7400BC}\RP113\A0043189.exe    a variant of Win32/CompuTrace.B potentially unsafe application    
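The check the helper applies to these results, as an added example that is not code from the thread, from ESET or from Farbar: parse scan-result lines in the format quoted above and separate hits that are System Restore copies (under `System Volume Information\_restore{GUID}\RPnnn`, the rpcnet/Computrace case explained in post #14) from hits on live files, which are the ones that still need a look. The sample lines, GUID, user name and the second detection name are constructed placeholders, and the four-spaces-between-fields layout is assumed from the lines posted above.

```python
"""Classify ESET scan-log lines by whether each hit is a System Restore
snapshot copy or a file on the live file system."""
import re
from collections import defaultdict

# Constructed sample in the ESET Online Scanner log format quoted in this thread:
# <path><4 spaces><detection>[<4 spaces><action>]. The GUID, restore-point
# numbers, user name and the second detection name are placeholders.
SAMPLE_ESET_LOG = (
    "C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}"
    "\\RP104\\A0039742.exe    a variant of Win32/CompuTrace.B potentially unsafe application    \n"
    "C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}"
    "\\RP105\\A0040146.exe    a variant of Win32/CompuTrace.B potentially unsafe application    \n"
    "C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}"
    "\\RP113\\A0043189.exe    a variant of Win32/CompuTrace.B potentially unsafe application    \n"
    "C:\\Documents and Settings\\User\\Local Settings\\Temp\\setup_tmp.exe"
    "    a variant of Win32/PlaceholderPUA.A potentially unwanted application    cleaned by deleting\n"
)

# Windows XP System Restore keeps copies of changed executables under
# <drive>:\System Volume Information\_restore{GUID}\RPnnn\A00xxxxx.ext
RESTORE_POINT_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\[^\\]+$",
    re.IGNORECASE,
)

# ESET appends a category to PUA/PUsA detections; anything else is reported as a threat.
CATEGORY_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<category>potentially unsafe application|potentially unwanted application)$",
    re.IGNORECASE,
)


def restore_point_of(path):
    """Return the restore-point number if path is a System Restore copy, else None."""
    m = RESTORE_POINT_RE.match(path)
    return int(m.group("rp")) if m else None


def parse_eset_line(line):
    """Parse one result line into a dict, or None for blank/unrecognised lines."""
    fields = re.split(r"\s{4,}", line.rstrip())
    if len(fields) < 2 or not fields[0]:
        return None
    path, detection = fields[0], fields[1]
    action = fields[2] if len(fields) > 2 else ""
    cat = CATEGORY_RE.match(detection)
    if cat:
        name, category = cat.group("name"), cat.group("category").lower()
    else:
        name, category = detection, "threat"
    return {"path": path, "name": name, "category": category,
            "action": action, "restore_point": restore_point_of(path)}


def summarize(log_text):
    """Group detections by name, separating restore-point copies from live files."""
    by_name = defaultdict(lambda: {"restore_points": set(), "live_paths": []})
    restore_hits = live_hits = 0
    for line in log_text.splitlines():
        rec = parse_eset_line(line)
        if rec is None:
            continue
        entry = by_name[rec["name"]]
        if rec["restore_point"] is not None:
            entry["restore_points"].add(rec["restore_point"])
            restore_hits += 1
        else:
            entry["live_paths"].append(rec["path"])
            live_hits += 1
    return {
        "restore_point_hits": restore_hits,
        "live_hits": live_hits,
        "by_name": {k: {"restore_points": sorted(v["restore_points"]),
                        "live_paths": v["live_paths"]} for k, v in by_name.items()},
    }


def live_detections(summary):
    """Paths that are NOT restore-point copies: the hits that still need a look."""
    return sorted(p for v in summary["by_name"].values() for p in v["live_paths"])


def only_restore_point_copies(summary, name):
    """True when every hit for `name` sits inside a restore point (the Computrace case above)."""
    entry = summary["by_name"].get(name)
    return bool(entry) and bool(entry["restore_points"]) and not entry["live_paths"]


if __name__ == "__main__":
    s = summarize(SAMPLE_ESET_LOG)
    print(f"restore-point copies: {s['restore_point_hits']}, live files: {s['live_hits']}")
    for name, v in s["by_name"].items():
        print(f"  {name}: RP {v['restore_points']} live={v['live_paths']}")
```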
 





