
possible svchost virus


  • This topic is locked
10 replies to this topic

#1 atomicsocks


Posted 26 November 2017 - 10:31 AM

Computer running incredibly slow. Task Manager says CPU running at 100%.
A particular svchost process is using up all the processing power.
Killing it in Task Manager brings everything back up to normal speed but kills my internet after a few minutes.

Malwarebytes Anti-Rootkit found some things, but before I could post the results, we had a blackout and running it again found nothing.
AdwCleaner wouldn't run.
Spybot Search and Destroy, TDSSKiller and CCleaner couldn't fix it.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2017 01
Ran by Erik (administrator) on ERIKS (26-11-2017 09:27:18)
Running from C:\Documents and Settings\Erik\Desktop
Loaded Profiles: Erik (Available Profiles: Erik & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Google Inc.) C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-09-06] (RealNetworks, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-10] (Google Inc.)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814600 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
Startup: C:\Documents and Settings\Erik\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-03-07]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{9953C2F4-F93F-4222-830B-0494863E96BF}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-299502267-1336601894-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> DefaultScope {D09E087D-9155-4494-B06E-E21B7FBA18C3} URL =
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll [2014-01-10] (MGTEK)
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-01] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-01] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-19] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: vkc6tiud.default-1380748488578
FF ProfilePath: C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578 [2017-11-26]
FF Extension: (Disconnect) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\2.0@disconnect.me.xpi [2017-11-19]
FF Extension: (uBlock Origin) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\uBlock0@raymondhill.net.xpi [2017-11-09]
FF Extension: (NoScript) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-11-17] [Lagacy]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Extension: (Greasemonkey) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-03] [Lagacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-28] [Lagacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-06] [Lagacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-08-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-09-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-09-06] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Erik\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Erik\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Erik\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Erik\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-11-22]
CHR Extension: (Docs) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (YouTube) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Google Search) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-11]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-15]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-06]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1226096 2012-05-03] (Lavasoft Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [549144 2014-05-21] (Wacom Technology, Corp.)
S2 Spooler; %SystemRoot%\system32\spoolsv.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 ax88772; C:\WINDOWS\System32\DRIVERS\ax88772.sys [17216 2004-08-06] (ASIX Electronics Corp.)
S3 eapihdrv; C:\Documents and Settings\Erik\Local Settings\temp\ehdrv.sys [135760 2017-11-25] (ESET)
R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2010-12-06] (Realtek)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-01] ()
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hidkmdf; C:\WINDOWS\System32\DRIVERS\hidkmdf.sys [12088 2014-03-17] (Windows ® Win 7 DDK provider)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150304 2017-11-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2017-11-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-11-26] (Malwarebytes)
S3 MpFilter; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [21240 2011-11-29] (GFI Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [77816 2011-11-29] (GFI Software)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [335224 2011-12-19] (GFI Software)
S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [94584 2011-09-29] (GFI Software)
R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [94584 2011-09-29] (GFI Software)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [93816 2011-12-19] (GFI Software)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [217976 2011-12-19] (GFI Software)
S3 WacHidRouter; C:\WINDOWS\System32\DRIVERS\wachidrouter.sys [80696 2014-03-17] (Wacom Technology)
S3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13112 2014-03-17] (Wacom Technology)
S3 catchme; \??\C:\DOCUME~1\Erik\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 09:27 - 2017-11-26 09:28 - 000021701 _____ C:\Documents and Settings\Erik\Desktop\FRST.txt
2017-11-26 08:46 - 2017-11-26 09:27 - 000000000 ____D C:\FRST
2017-11-26 08:40 - 2017-11-26 08:42 - 001789440 _____ (Farbar) C:\Documents and Settings\Erik\Desktop\FRST.exe
2017-11-26 04:00 - 2017-11-26 04:13 - 000019354 _____ C:\Documents and Settings\Erik\Desktop\mooooooooo.txt
2017-11-26 03:41 - 2017-11-26 03:43 - 000000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-25 13:55 - 2017-11-25 13:55 - 000222648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\D8766179.sys
2017-11-25 13:52 - 2017-11-26 03:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-11-25 13:46 - 2017-11-26 03:34 - 000000000 ____D C:\Documents and Settings\Erik\Desktop\mbar
2017-11-23 15:05 - 2017-11-23 15:05 - 000000000 ____D C:\Documents and Settings\Erik\Local Settings\Application Data\ESET
2017-11-23 15:01 - 2017-11-23 15:05 - 000107580 _____ C:\WINDOWS\ntbtlog.txt
2017-11-23 10:01 - 2017-11-23 10:02 - 006968952 _____ (ESET spol. s r.o.) C:\Documents and Settings\Erik\Desktop\esetonlinescanner_enu.exe
2017-11-23 09:55 - 2017-11-23 09:56 - 008261584 _____ (Malwarebytes) C:\Documents and Settings\Erik\Desktop\AdwCleaner.exe
2017-11-23 09:46 - 2017-11-23 09:49 - 014178840 _____ (Malwarebytes Corp.) C:\Documents and Settings\Erik\Desktop\mbar-1.10.3.1001.exe
2017-11-23 05:55 - 2017-11-26 08:13 - 000001431 _____ C:\Documents and Settings\Erik\Desktop\virinstr.txt
2017-11-22 03:25 - 2017-11-26 08:58 - 000000326 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-11-22 03:25 - 2017-11-22 03:25 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-11-22 03:25 - 2017-11-22 03:25 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2017-11-22 03:22 - 2017-11-22 03:25 - 000000000 ____D C:\Program Files\CCleaner
2017-11-22 03:01 - 2017-11-22 03:02 - 004254840 _____ (ESET) C:\Documents and Settings\Erik\My Documents\eset_nod32_antivirus_live_installer.exe
2017-11-19 04:15 - 2017-11-26 03:44 - 000150304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-19 04:14 - 2017-11-26 03:44 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-19 04:13 - 2017-11-26 03:43 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-19 04:10 - 2017-11-19 04:10 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-11-19 04:10 - 2017-11-19 04:10 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-11-19 04:09 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-11-19 04:06 - 2017-11-19 04:06 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-19 04:02 - 2017-11-19 04:02 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
2017-11-19 03:41 - 2017-11-19 03:49 - 000126294 _____ C:\TDSSKiller.3.1.0.5_19.11.2017_03.41.59_log.txt
2017-11-17 04:28 - 2017-11-17 05:12 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 09:28 - 2012-04-11 05:55 - 000000000 ____D C:\Documents and Settings\Erik\Local Settings\temp
2017-11-26 09:27 - 2011-12-28 10:21 - 000000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{9F352F51-B56A-46CB-95D5-334D93DDD995}.job
2017-11-26 08:59 - 2017-01-20 17:04 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-26 08:58 - 2011-12-28 08:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-26 08:57 - 2011-12-28 08:57 - 000031796 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-26 08:47 - 2013-04-18 19:41 - 000000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003UA.job
2017-11-26 08:43 - 2012-05-13 16:20 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-26 08:25 - 2012-03-22 22:01 - 000007680 ___SH C:\WINDOWS\Thumbs.db
2017-11-26 04:47 - 2013-04-18 19:41 - 000000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003Core.job
2017-11-26 04:41 - 2012-05-13 16:20 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-26 04:00 - 2012-05-24 16:32 - 000000942 _____ C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2017-11-26 03:43 - 2012-05-23 23:49 - 000001615 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2017-11-26 03:43 - 2012-05-23 23:41 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2017-11-26 03:40 - 2012-12-24 17:40 - 000000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-26 03:40 - 2004-08-04 07:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-26 03:39 - 2015-04-20 10:03 - 000000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-11-26 03:39 - 2014-09-14 15:05 - 000000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-11-26 03:38 - 2013-10-16 15:12 - 000000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-26 03:38 - 2012-03-21 23:20 - 000000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-26 03:37 - 2011-12-28 09:09 - 000000178 ___SH C:\Documents and Settings\Erik\ntuser.ini
2017-11-26 00:30 - 2012-02-09 00:30 - 000000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2017-11-24 13:42 - 2013-03-02 20:14 - 000000000 ____D C:\Documents and Settings\Erik\Application Data\uTorrent
2017-11-23 16:57 - 2012-11-28 16:43 - 000000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2017-11-23 15:03 - 2011-12-28 11:05 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-11-23 05:00 - 2012-03-21 23:20 - 000000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-22 05:36 - 2012-02-09 00:44 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2017-11-22 05:18 - 2012-03-17 15:19 - 000000000 ____D C:\Documents and Settings\Erik\Application Data\Skype
2017-11-22 05:18 - 2011-12-28 12:36 - 000000000 ____D C:\Documents and Settings\Erik\Tracing
2017-11-22 04:23 - 2012-04-09 00:58 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-22 01:55 - 2011-12-28 09:09 - 000000000 ____D C:\Documents and Settings\Erik
2017-11-22 01:16 - 2012-12-30 19:00 - 000000000 ____D C:\Documents and Settings\Erik\My Documents\My PSP8 Files
2017-11-20 22:22 - 2013-01-07 01:02 - 000000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-20 10:24 - 2013-01-07 01:02 - 000000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-19 22:49 - 2011-12-27 12:58 - 000000364 __RSH C:\boot.ini
2017-11-19 04:06 - 2014-09-14 18:07 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-11-19 04:06 - 2011-12-28 15:09 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-11-19 00:32 - 2013-04-24 19:40 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-17 05:14 - 2013-04-24 19:40 - 000000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-17 05:14 - 2013-04-24 19:40 - 000000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-11-17 04:34 - 2011-12-27 13:00 - 000573364 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-17 04:33 - 2011-12-27 18:05 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-17 04:29 - 2011-12-28 08:57 - 000000000 __SHD C:\Documents and Settings\LocalService
2017-11-17 04:29 - 2011-12-28 08:57 - 000000000 ____D C:\Documents and Settings\Administrator
2017-11-17 04:29 - 2011-12-27 18:09 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-11-17 04:29 - 2011-12-27 18:04 - 000000000 ____D C:\WINDOWS\Registration
2017-11-15 00:30 - 2014-09-14 15:05 - 000000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-11-08 15:00 - 2015-04-20 10:03 - 000000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-11-02 00:51 - 2014-09-14 15:05 - 000000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

==================== Files in the root of some directories =======

2015-08-29 07:06 - 2015-08-29 07:06 - 006420480 _____ () C:\Program Files\GUT290F.tmp
2014-03-24 04:15 - 2011-06-22 16:29 - 020714876 _____ (Pixologic                                                    ) C:\Program Files\Sculptris Alpha 6.exe
2012-03-17 15:18 - 2012-03-17 15:18 - 000944264 _____ (Skype Technologies S.A.) C:\Program Files\SkypeSetup.exe
2012-05-23 23:49 - 2012-05-23 23:49 - 000000000 _____ () C:\Documents and Settings\Erik\Application Data\adaware-installer-reboot-required.tmp
2011-12-28 15:12 - 2017-04-13 20:38 - 000000486 _____ () C:\Documents and Settings\Erik\Application Data\wklnhst.dat
2012-03-22 22:01 - 2017-04-08 22:37 - 000018432 _____ () C:\Documents and Settings\Erik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-17 06:51 - 2015-04-17 06:51 - 000000000 _____ () C:\Documents and Settings\Erik\Local Settings\Application Data\{643F3733-FC68-4CEA-B7D4-28FE8B932648}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-11-2017 01
Ran by Erik (26-11-2017 09:29:26)
Running from C:\Documents and Settings\Erik\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-12-27 23:08:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-1336601894-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-1336601894-839522115-1004 - Limited - Enabled)
Erik (S-1-5-21-299502267-1336601894-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Erik
Guest (S-1-5-21-299502267-1336601894-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-1336601894-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-1336601894-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Lavasoft Ad-Aware (Enabled - Out of date) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware (Disabled) {FF1CD5B7-1553-4625-A258-1775385CED33}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.)
Ad-Aware Antivirus (HKLM\...\{fc8208f2-b1c1-4253-9e89-d518e983b7bb}) (Version: 10.1.211.3382 - Lavasoft Limited)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 2.1.0.20 - Lavasoft)
Adblock IE 3.0 (HKLM\...\{56D02496-CD68-4576-B1AE-D572E8EAFF3D}) (Version: 3.0.2496 - MGTEK)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMDAway INF (HKLM\...\AMDAway INF) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belkin USB Wireless Adapter (HKLM\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Blast Thru (HKLM\...\Blast Thru) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3518.52 - CyberLink Corp.)
E.M. Total Video Player 1.31 (HKLM\...\E.M. Total Video Player 1.31_is1) (Version:  - EffectMatrix Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High-Definition Video Playback (HKLM\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.1.13500.43.0 - Nero AG) Hidden
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LEGO Digital Designer (HKLM\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11500.17.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.11100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11300.12.100 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PCGen6000 (HKLM\...\PCGen6000) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Screencast-O-Matic (HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Sculptris Alpha 6 (HKLM\...\{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic) Hidden
Sculptris Alpha 6 (HKLM\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SketchUp 8 (HKLM\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.7 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Three Drinks (HKLM\...\Three Drinks_is1) (Version:  - )
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
Unity Web Player (HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-6 - Wacom Technology Corp.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll => No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Ad-Aware Antivirus\AdAwareShellExtension.dll [2012-05-03] (Lavasoft Limited)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Ad-Aware Antivirus\AdAwareShellExtension.dll [2012-05-03] (Lavasoft Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2009-01-16] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2009-01-16] (NVIDIA Corporation)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003Core.job => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003UA.job => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{9F352F51-B56A-46CB-95D5-334D93DDD995}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Erik\Start Menu\Programs\PCGen\PCGen6000\PCGen6000-Low.lnk -> C:\Documents and Settings\Erik\My Documents\mtd\PCGen\PCGen6000\pcgen_low_mem.bat ()

==================== Loaded Modules (Whitelisted) ==============

2004-08-04 07:00 - 2008-04-14 05:42 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-08-14 14:19 - 2013-08-14 14:19 - 000039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-12-28 14:15 - 2009-04-27 05:22 - 000271760 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2012-05-24 16:33 - 2014-12-19 05:01 - 000192376 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2012-05-24 16:33 - 2014-12-19 05:01 - 000180088 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2014-09-14 15:04 - 2014-05-13 11:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-14 15:04 - 2014-05-13 11:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-14 15:04 - 2014-05-13 11:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-14 15:04 - 2012-08-23 09:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-14 15:04 - 2012-04-03 16:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-11-19 04:09 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2004-08-04 07:00 - 2013-01-02 01:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42534003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\74105433.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42534003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\74105433.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2016-02-01 13:28 - 000449906 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15464 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-1336601894-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
sharedaccess => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe] => Enabled:CyberLink PowerDVD 9.0
StandardProfile\AuthorizedApplications: [C:\Program Files\adawaretb\dtUser.exe] => Enabled:Ad-Aware Security Toolbar DTX Broker
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Erik\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\launch4j-tmp\MegaMek.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management

==================== Restore Points =========================

26-08-2017 07:01:27 System Checkpoint
27-08-2017 09:54:00 System Checkpoint
28-08-2017 12:11:36 System Checkpoint
29-08-2017 13:58:19 System Checkpoint
30-08-2017 23:34:51 System Checkpoint
01-09-2017 02:31:27 System Checkpoint
02-09-2017 03:35:49 System Checkpoint
03-09-2017 03:47:27 System Checkpoint
04-09-2017 07:39:36 System Checkpoint
05-09-2017 08:17:25 System Checkpoint
06-09-2017 08:42:53 System Checkpoint
07-09-2017 09:47:26 System Checkpoint
08-09-2017 12:17:37 System Checkpoint
09-09-2017 13:28:46 System Checkpoint
10-09-2017 16:49:20 System Checkpoint
11-09-2017 17:39:03 System Checkpoint
12-09-2017 18:15:54 System Checkpoint
13-09-2017 19:45:20 System Checkpoint
14-09-2017 18:00:17 Software Distribution Service 3.0
15-09-2017 20:25:25 System Checkpoint
16-09-2017 22:25:10 System Checkpoint
18-09-2017 01:38:29 System Checkpoint
19-09-2017 03:34:44 System Checkpoint
20-09-2017 15:12:23 System Checkpoint
21-09-2017 16:05:41 System Checkpoint
22-09-2017 17:43:37 System Checkpoint
23-09-2017 23:07:03 System Checkpoint
25-09-2017 05:56:35 System Checkpoint
26-09-2017 06:08:07 System Checkpoint
27-09-2017 15:20:23 System Checkpoint
28-09-2017 15:47:57 System Checkpoint
29-09-2017 15:48:11 System Checkpoint
30-09-2017 15:48:16 System Checkpoint
01-10-2017 18:12:00 System Checkpoint
02-10-2017 18:16:55 System Checkpoint
03-10-2017 18:48:17 System Checkpoint
04-10-2017 18:52:26 System Checkpoint
05-10-2017 18:56:52 System Checkpoint
06-10-2017 20:19:33 System Checkpoint
07-10-2017 20:24:20 System Checkpoint
08-10-2017 21:48:28 System Checkpoint
09-10-2017 23:18:28 System Checkpoint
11-10-2017 00:48:28 System Checkpoint
12-10-2017 02:18:28 System Checkpoint
12-10-2017 09:55:59 Software Distribution Service 3.0
13-10-2017 22:17:31 System Checkpoint
15-10-2017 00:45:45 System Checkpoint
16-10-2017 01:02:40 System Checkpoint
17-10-2017 02:42:43 System Checkpoint
18-10-2017 03:20:00 System Checkpoint
19-10-2017 21:57:02 System Checkpoint
21-10-2017 01:05:36 System Checkpoint
22-10-2017 01:17:20 System Checkpoint
23-10-2017 02:12:00 System Checkpoint
24-10-2017 02:18:50 System Checkpoint
25-10-2017 04:02:20 System Checkpoint
26-10-2017 08:54:49 System Checkpoint
27-10-2017 08:55:29 System Checkpoint
28-10-2017 09:03:22 System Checkpoint
29-10-2017 11:17:39 System Checkpoint
30-10-2017 11:19:03 System Checkpoint
31-10-2017 11:35:12 System Checkpoint
01-11-2017 12:14:24 System Checkpoint
02-11-2017 13:49:46 System Checkpoint
03-11-2017 17:53:03 System Checkpoint
04-11-2017 19:24:13 System Checkpoint
05-11-2017 19:43:58 System Checkpoint
06-11-2017 21:22:17 System Checkpoint
07-11-2017 22:16:17 System Checkpoint
09-11-2017 04:18:30 System Checkpoint
10-11-2017 08:25:54 System Checkpoint
11-11-2017 08:31:54 System Checkpoint
12-11-2017 10:12:04 System Checkpoint
13-11-2017 11:19:24 System Checkpoint
14-11-2017 12:19:22 System Checkpoint
17-11-2017 04:26:13 Restore Operation
21-11-2017 02:14:51 System Checkpoint
22-11-2017 07:14:42 System Checkpoint
23-11-2017 11:11:43 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2017 02:55:42 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/22/2017 02:55:42 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/20/2017 11:55:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application tvp.exe, version 1.3.7.1208, faulting module tvpskin.dll, version 1.3.7.923, fault address 0x000075c7.
Processing media-specific event for [tvp.exe!ws!]

Error: (11/19/2017 04:15:18 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/19/2017 04:15:16 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/16/2017 10:51:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Paint Shop Pro.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2017 03:37:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Paint Shop Pro.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/18/2017 11:32:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application anim.exe, version 3.0.0.4, faulting module anim.exe, version 3.0.0.4, fault address 0x0008530a.
Processing media-specific event for [anim.exe!ws!]

Error: (09/18/2017 11:31:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application anim.exe, version 3.0.0.4, faulting module anim.exe, version 3.0.0.4, fault address 0x0008530a.
Processing media-specific event for [anim.exe!ws!]

Error: (09/16/2017 04:18:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Game.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/26/2017 03:49:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/26/2017 03:41:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/26/2017 03:41:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.

Error: (11/26/2017 03:39:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/26/2017 03:39:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/26/2017 03:39:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/25/2017 01:51:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/24/2017 04:07:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2017 04:07:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2017 04:07:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: AMD Sempron™ Processor LE-1300
Percentage of memory in use: 71%
Total physical RAM: 1982.42 MB
Available physical RAM: 565.53 MB
Total Virtual: 3875.72 MB
Available Virtual: 2537.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:61 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2 HelpBot


Posted 01 December 2017 - 10:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/663837 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 atomicsocks


Posted 01 December 2017 - 05:42 PM

Sadly I have no windows disk.

Here's a fresh version of the previous info.

Computer running incredibly slow. Task manager says CPU running at 100%.
A particular svchost process is using up all the processing power.
Killing it in task manager brings everything back up to normal speed but kills my internet after a few minutes.

malwarebytes anti-rootkit found some things, but before I could post the results, we had a blackout and running it again found nothing.
awcleaner wouldn't run.
spybot search and destroy, tdss killer and ccleaner couldn't fix it.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2017 01
Ran by Erik (administrator) on ERIKS (01-12-2017 14:22:21)
Running from C:\Documents and Settings\Erik\Desktop
Loaded Profiles: Erik & Administrator &  (Available Profiles: Erik & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
() C:\Program Files\Pixologic\Sculptris Alpha 6\Sculptris.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-09-06] (RealNetworks, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021914375\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021914375\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-10] (Google Inc.)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814600 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140\...\Run: [Google Update] => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-10] (Google Inc.)
HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814600 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{9953C2F4-F93F-4222-830B-0494863E96BF}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-299502267-1336601894-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-1336601894-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-299502267-1336601894-839522115-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-1336601894-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017022008578\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-299502267-1336601894-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017022008578\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> DefaultScope {D09E087D-9155-4494-B06E-E21B7FBA18C3} URL =
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140 -> DefaultScope {D09E087D-9155-4494-B06E-E21B7FBA18C3} URL =
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll [2014-01-10] (MGTEK)
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-01] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-01] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-19] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: vkc6tiud.default-1380748488578
FF ProfilePath: C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578 [2017-12-01]
FF Extension: (Disconnect) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\2.0@disconnect.me.xpi [2017-11-19]
FF Extension: (uBlock Origin) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\uBlock0@raymondhill.net.xpi [2017-11-30]
FF Extension: (NoScript) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-11-17] [Lagacy]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Extension: (Greasemonkey) - C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\vkc6tiud.default-1380748488578\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-03] [Lagacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-28] [Lagacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-06] [Lagacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-08-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-09-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-09-06] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Erik\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Erik\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Erik\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Erik\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Erik\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Erik\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-11-22]
CHR Extension: (Docs) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (YouTube) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Google Search) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-11]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-15]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-06]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1226096 2012-05-03] (Lavasoft Limited)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-11] (Adobe Systems Incorporated) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [549144 2014-05-21] (Wacom Technology, Corp.)
S2 Spooler; %SystemRoot%\system32\spoolsv.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 ax88772; C:\WINDOWS\System32\DRIVERS\ax88772.sys [17216 2004-08-06] (ASIX Electronics Corp.) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2010-12-06] (Realtek) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-01] ()
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hidkmdf; C:\WINDOWS\System32\DRIVERS\hidkmdf.sys [12088 2014-03-17] (Windows ® Win 7 DDK provider)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150304 2017-11-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2017-11-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-11-30] (Malwarebytes)
S3 MpFilter; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [21240 2011-11-29] (GFI Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [77816 2011-11-29] (GFI Software)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [335224 2011-12-19] (GFI Software)
S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [94584 2011-09-29] (GFI Software)
R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [94584 2011-09-29] (GFI Software)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [93816 2011-12-19] (GFI Software)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [217976 2011-12-19] (GFI Software)
S3 WacHidRouter; C:\WINDOWS\System32\DRIVERS\wachidrouter.sys [80696 2014-03-17] (Wacom Technology)
S3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13112 2014-03-17] (Wacom Technology)
S3 catchme; \??\C:\DOCUME~1\Erik\LOCALS~1\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\DOCUME~1\Erik\LOCALS~1\Temp\ehdrv.sys [X]
S4 IntelIde; no ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-01 14:22 - 2017-12-01 14:40 - 000026024 _____ C:\Documents and Settings\Erik\Desktop\FRST.txt
2017-11-28 04:02 - 2017-11-30 20:35 - 000000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-26 08:46 - 2017-12-01 14:22 - 000000000 ____D C:\FRST
2017-11-26 08:40 - 2017-11-26 08:42 - 001789440 _____ (Farbar) C:\Documents and Settings\Erik\Desktop\FRST.exe
2017-11-25 13:55 - 2017-11-25 13:55 - 000222648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\D8766179.sys
2017-11-25 13:52 - 2017-11-26 03:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-11-25 13:46 - 2017-11-26 03:34 - 000000000 ____D C:\Documents and Settings\Erik\Desktop\mbar
2017-11-23 15:05 - 2017-11-23 15:05 - 000000000 ____D C:\Documents and Settings\Erik\Local Settings\Application Data\ESET
2017-11-23 15:01 - 2017-11-23 15:05 - 000107580 _____ C:\WINDOWS\ntbtlog.txt
2017-11-23 10:01 - 2017-11-23 10:02 - 006968952 _____ (ESET spol. s r.o.) C:\Documents and Settings\Erik\Desktop\esetonlinescanner_enu.exe
2017-11-23 09:55 - 2017-11-23 09:56 - 008261584 _____ (Malwarebytes) C:\Documents and Settings\Erik\Desktop\AdwCleaner.exe
2017-11-23 09:46 - 2017-11-23 09:49 - 014178840 _____ (Malwarebytes Corp.) C:\Documents and Settings\Erik\Desktop\mbar-1.10.3.1001.exe
2017-11-22 03:25 - 2017-12-01 03:34 - 000000326 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-11-22 03:25 - 2017-11-22 03:25 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-11-22 03:25 - 2017-11-22 03:25 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2017-11-22 03:22 - 2017-11-22 03:25 - 000000000 ____D C:\Program Files\CCleaner
2017-11-22 03:01 - 2017-11-22 03:02 - 004254840 _____ (ESET) C:\Documents and Settings\Erik\My Documents\eset_nod32_antivirus_live_installer.exe
2017-11-19 04:15 - 2017-11-26 03:44 - 000150304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-19 04:14 - 2017-11-30 20:37 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-19 04:13 - 2017-11-30 20:37 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-19 04:10 - 2017-11-19 04:10 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-11-19 04:10 - 2017-11-19 04:10 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-11-19 04:09 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-11-19 04:06 - 2017-11-19 04:06 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-19 04:02 - 2017-11-19 04:02 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
2017-11-19 03:41 - 2017-11-19 03:49 - 000126294 _____ C:\TDSSKiller.3.1.0.5_19.11.2017_03.41.59_log.txt
2017-11-17 04:28 - 2017-11-17 05:12 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-01 14:47 - 2013-04-18 19:41 - 000000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003UA.job
2017-12-01 14:47 - 2011-12-28 10:21 - 000000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{9F352F51-B56A-46CB-95D5-334D93DDD995}.job
2017-12-01 14:40 - 2012-05-13 16:20 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-01 14:40 - 2012-04-11 05:55 - 000000000 ____D C:\Documents and Settings\Erik\Local Settings\temp
2017-12-01 13:59 - 2017-01-20 17:04 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-12-01 12:47 - 2011-12-28 08:57 - 000031796 _____ C:\WINDOWS\SchedLgU.Txt
2017-12-01 06:34 - 2014-09-14 15:05 - 000000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-12-01 04:47 - 2013-04-18 19:41 - 000000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003Core.job
2017-12-01 04:41 - 2012-05-13 16:20 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-30 22:48 - 2014-03-24 04:20 - 000002451 _____ C:\Documents and Settings\All Users\Desktop\Sculptris Alpha 6.exe.lnk
2017-11-30 22:22 - 2013-01-07 01:02 - 000000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-30 20:37 - 2012-05-23 23:49 - 000001615 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2017-11-30 20:36 - 2012-05-23 23:41 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2017-11-30 20:35 - 2012-12-24 17:40 - 000000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-30 20:35 - 2004-08-04 07:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-30 20:34 - 2015-04-20 10:03 - 000000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-11-30 20:34 - 2014-09-14 15:05 - 000000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-11-30 20:34 - 2013-10-16 15:12 - 000000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-30 20:34 - 2012-03-21 23:20 - 000000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-30 20:34 - 2011-12-28 08:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-30 20:33 - 2011-12-28 09:09 - 000000178 ___SH C:\Documents and Settings\Erik\ntuser.ini
2017-11-30 20:33 - 2011-12-28 09:09 - 000000000 ____D C:\Documents and Settings\Erik
2017-11-30 17:52 - 2013-03-17 17:10 - 000002519 _____ C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
2017-11-30 17:52 - 2012-12-30 19:00 - 000000000 ____D C:\Documents and Settings\Erik\My Documents\My PSP8 Files
2017-11-30 16:57 - 2012-11-28 16:43 - 000000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2017-11-30 05:00 - 2012-03-21 23:20 - 000000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-30 00:30 - 2012-02-09 00:30 - 000000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2017-11-29 00:51 - 2014-09-14 15:05 - 000000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-11-27 10:24 - 2013-01-07 01:02 - 000000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job
2017-11-26 08:25 - 2012-03-22 22:01 - 000007680 ___SH C:\WINDOWS\Thumbs.db
2017-11-26 04:00 - 2012-05-24 16:32 - 000000942 _____ C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2017-11-24 13:42 - 2013-03-02 20:14 - 000000000 ____D C:\Documents and Settings\Erik\Application Data\uTorrent
2017-11-23 15:03 - 2011-12-28 11:05 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-11-22 05:36 - 2012-02-09 00:44 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2017-11-22 05:18 - 2012-03-17 15:19 - 000000000 ____D C:\Documents and Settings\Erik\Application Data\Skype
2017-11-22 05:18 - 2011-12-28 12:36 - 000000000 ____D C:\Documents and Settings\Erik\Tracing
2017-11-22 04:23 - 2012-04-09 00:58 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-19 22:49 - 2011-12-27 12:58 - 000000364 __RSH C:\boot.ini
2017-11-19 04:06 - 2014-09-14 18:07 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-11-19 04:06 - 2011-12-28 15:09 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-11-19 00:32 - 2013-04-24 19:40 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-17 05:14 - 2013-04-24 19:40 - 000000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-17 05:14 - 2013-04-24 19:40 - 000000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-11-17 04:34 - 2011-12-27 13:00 - 000573364 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-17 04:33 - 2011-12-27 18:05 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-17 04:29 - 2011-12-28 08:57 - 000000000 __SHD C:\Documents and Settings\LocalService
2017-11-17 04:29 - 2011-12-28 08:57 - 000000000 ____D C:\Documents and Settings\Administrator
2017-11-17 04:29 - 2011-12-27 18:09 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-11-17 04:29 - 2011-12-27 18:04 - 000000000 ____D C:\WINDOWS\Registration
2017-11-08 15:00 - 2015-04-20 10:03 - 000000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2015-08-29 07:06 - 2015-08-29 07:06 - 006420480 _____ () C:\Program Files\GUT290F.tmp
2014-03-24 04:15 - 2011-06-22 16:29 - 020714876 _____ (Pixologic                                                    ) C:\Program Files\Sculptris Alpha 6.exe
2012-03-17 15:18 - 2012-03-17 15:18 - 000944264 _____ (Skype Technologies S.A.) C:\Program Files\SkypeSetup.exe
2012-05-23 23:49 - 2012-05-23 23:49 - 000000000 _____ () C:\Documents and Settings\Erik\Application Data\adaware-installer-reboot-required.tmp
2011-12-28 15:12 - 2017-04-13 20:38 - 000000486 _____ () C:\Documents and Settings\Erik\Application Data\wklnhst.dat
2012-03-22 22:01 - 2017-04-08 22:37 - 000018432 _____ () C:\Documents and Settings\Erik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-17 06:51 - 2015-04-17 06:51 - 000000000 _____ () C:\Documents and Settings\Erik\Local Settings\Application Data\{643F3733-FC68-4CEA-B7D4-28FE8B932648}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-11-2017 01
Ran by Erik (01-12-2017 14:54:43)
Running from C:\Documents and Settings\Erik\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-12-27 23:08:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-1336601894-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-1336601894-839522115-1004 - Limited - Enabled)
Erik (S-1-5-21-299502267-1336601894-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Erik
Guest (S-1-5-21-299502267-1336601894-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-1336601894-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-1336601894-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Lavasoft Ad-Aware (Enabled - Out of date) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware (Disabled) {FF1CD5B7-1553-4625-A258-1775385CED33}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.)
Ad-Aware Antivirus (HKLM\...\{fc8208f2-b1c1-4253-9e89-d518e983b7bb}) (Version: 10.1.211.3382 - Lavasoft Limited)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 2.1.0.20 - Lavasoft)
Adblock IE 3.0 (HKLM\...\{56D02496-CD68-4576-B1AE-D572E8EAFF3D}) (Version: 3.0.2496 - MGTEK)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMDAway INF (HKLM\...\AMDAway INF) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belkin USB Wireless Adapter (HKLM\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Blast Thru (HKLM\...\Blast Thru) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3518.52 - CyberLink Corp.)
E.M. Total Video Player 1.31 (HKLM\...\E.M. Total Video Player 1.31_is1) (Version:  - EffectMatrix Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High-Definition Video Playback (HKLM\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.1.13500.43.0 - Nero AG) Hidden
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LEGO Digital Designer (HKLM\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11500.17.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.11100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11300.12.100 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PCGen6000 (HKLM\...\PCGen6000) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Screencast-O-Matic (HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Screencast-O-Matic (HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Sculptris Alpha 6 (HKLM\...\{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic) Hidden
Sculptris Alpha 6 (HKLM\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SketchUp 8 (HKLM\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.7 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Three Drinks (HKLM\...\Three Drinks_is1) (Version:  - )
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
Unity Web Player (HKU\S-1-5-21-299502267-1336601894-839522115-1003\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-6 - Wacom Technology Corp.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll => No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Ad-Aware Antivirus\AdAwareShellExtension.dll [2012-05-03] (Lavasoft Limited)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Ad-Aware Antivirus\AdAwareShellExtension.dll [2012-05-03] (Lavasoft Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-03-11] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2009-01-16] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2009-01-16] (NVIDIA Corporation)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003Core.job => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1336601894-839522115-1003UA.job => C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1336601894-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{9F352F51-B56A-46CB-95D5-334D93DDD995}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Erik\Start Menu\Programs\PCGen\PCGen6000\PCGen6000-Low.lnk -> C:\Documents and Settings\Erik\My Documents\mtd\PCGen\PCGen6000\pcgen_low_mem.bat ()

==================== Loaded Modules (Whitelisted) ==============

2011-12-28 14:01 - 2010-03-15 11:28 - 000141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-09-14 15:04 - 2014-05-13 11:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-14 15:04 - 2014-05-13 11:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-14 14:19 - 2013-08-14 14:19 - 000039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-05-24 16:33 - 2014-12-19 05:01 - 000192376 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2012-05-24 16:33 - 2014-12-19 05:01 - 000180088 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2014-09-14 15:04 - 2014-05-13 11:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-14 15:04 - 2012-08-23 09:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-14 15:04 - 2012-04-03 16:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-11-19 04:09 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2004-08-04 07:00 - 2013-01-02 01:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
2011-06-09 20:45 - 2011-06-09 20:45 - 000989696 _____ () C:\Program Files\Pixologic\Sculptris Alpha 6\Sculptris.exe
2006-11-19 21:47 - 2006-11-19 21:47 - 000055808 ____R () C:\Program Files\Pixologic\Sculptris Alpha 6\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42534003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\74105433.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42534003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\74105433.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2016-02-01 13:28 - 000449906 ____R C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021933484\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021934859\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-299502267-1336601894-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-299502267-1336601894-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017021936140\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-299502267-1336601894-839522115-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-299502267-1336601894-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12012017022008578\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe] => Enabled:CyberLink PowerDVD 9.0
StandardProfile\AuthorizedApplications: [C:\Program Files\adawaretb\dtUser.exe] => Enabled:Ad-Aware Security Toolbar DTX Broker
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Erik\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\launch4j-tmp\MegaMek.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management

==================== Restore Points =========================

02-09-2017 03:35:49 System Checkpoint
03-09-2017 03:47:27 System Checkpoint
04-09-2017 07:39:36 System Checkpoint
05-09-2017 08:17:25 System Checkpoint
06-09-2017 08:42:53 System Checkpoint
07-09-2017 09:47:26 System Checkpoint
08-09-2017 12:17:37 System Checkpoint
09-09-2017 13:28:46 System Checkpoint
10-09-2017 16:49:20 System Checkpoint
11-09-2017 17:39:03 System Checkpoint
12-09-2017 18:15:54 System Checkpoint
13-09-2017 19:45:20 System Checkpoint
14-09-2017 18:00:17 Software Distribution Service 3.0
15-09-2017 20:25:25 System Checkpoint
16-09-2017 22:25:10 System Checkpoint
18-09-2017 01:38:29 System Checkpoint
19-09-2017 03:34:44 System Checkpoint
20-09-2017 15:12:23 System Checkpoint
21-09-2017 16:05:41 System Checkpoint
22-09-2017 17:43:37 System Checkpoint
23-09-2017 23:07:03 System Checkpoint
25-09-2017 05:56:35 System Checkpoint
26-09-2017 06:08:07 System Checkpoint
27-09-2017 15:20:23 System Checkpoint
28-09-2017 15:47:57 System Checkpoint
29-09-2017 15:48:11 System Checkpoint
30-09-2017 15:48:16 System Checkpoint
01-10-2017 18:12:00 System Checkpoint
02-10-2017 18:16:55 System Checkpoint
03-10-2017 18:48:17 System Checkpoint
04-10-2017 18:52:26 System Checkpoint
05-10-2017 18:56:52 System Checkpoint
06-10-2017 20:19:33 System Checkpoint
07-10-2017 20:24:20 System Checkpoint
08-10-2017 21:48:28 System Checkpoint
09-10-2017 23:18:28 System Checkpoint
11-10-2017 00:48:28 System Checkpoint
12-10-2017 02:18:28 System Checkpoint
12-10-2017 09:55:59 Software Distribution Service 3.0
13-10-2017 22:17:31 System Checkpoint
15-10-2017 00:45:45 System Checkpoint
16-10-2017 01:02:40 System Checkpoint
17-10-2017 02:42:43 System Checkpoint
18-10-2017 03:20:00 System Checkpoint
19-10-2017 21:57:02 System Checkpoint
21-10-2017 01:05:36 System Checkpoint
22-10-2017 01:17:20 System Checkpoint
23-10-2017 02:12:00 System Checkpoint
24-10-2017 02:18:50 System Checkpoint
25-10-2017 04:02:20 System Checkpoint
26-10-2017 08:54:49 System Checkpoint
27-10-2017 08:55:29 System Checkpoint
28-10-2017 09:03:22 System Checkpoint
29-10-2017 11:17:39 System Checkpoint
30-10-2017 11:19:03 System Checkpoint
31-10-2017 11:35:12 System Checkpoint
01-11-2017 12:14:24 System Checkpoint
02-11-2017 13:49:46 System Checkpoint
03-11-2017 17:53:03 System Checkpoint
04-11-2017 19:24:13 System Checkpoint
05-11-2017 19:43:58 System Checkpoint
06-11-2017 21:22:17 System Checkpoint
07-11-2017 22:16:17 System Checkpoint
09-11-2017 04:18:30 System Checkpoint
10-11-2017 08:25:54 System Checkpoint
11-11-2017 08:31:54 System Checkpoint
12-11-2017 10:12:04 System Checkpoint
13-11-2017 11:19:24 System Checkpoint
14-11-2017 12:19:22 System Checkpoint
17-11-2017 04:26:13 Restore Operation
21-11-2017 02:14:51 System Checkpoint
22-11-2017 07:14:42 System Checkpoint
23-11-2017 11:11:43 System Checkpoint
26-11-2017 14:23:07 System Checkpoint
27-11-2017 18:21:53 System Checkpoint
29-11-2017 19:32:20 System Checkpoint
30-11-2017 20:38:33 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============

Name: NVIDIA nForce 10/100 Mbps Ethernet
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2017 04:29:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application realplay.exe, version 16.0.3.51, faulting module unknown, version 0.0.0.0, fault address 0x0787ceb0.
Processing media-specific event for [realplay.exe!ws!]

Error: (11/22/2017 02:55:42 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/22/2017 02:55:42 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/20/2017 11:55:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application tvp.exe, version 1.3.7.1208, faulting module tvpskin.dll, version 1.3.7.923, fault address 0x000075c7.
Processing media-specific event for [tvp.exe!ws!]

Error: (11/19/2017 04:15:18 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/19/2017 04:15:16 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/16/2017 10:51:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Paint Shop Pro.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2017 03:37:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Paint Shop Pro.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/18/2017 11:32:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application anim.exe, version 3.0.0.4, faulting module anim.exe, version 3.0.0.4, fault address 0x0008530a.
Processing media-specific event for [anim.exe!ws!]

Error: (09/18/2017 11:31:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application anim.exe, version 3.0.0.4, faulting module anim.exe, version 3.0.0.4, fault address 0x0008530a.
Processing media-specific event for [anim.exe!ws!]


System errors:
=============
Error: (11/30/2017 08:53:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/30/2017 08:50:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/30/2017 08:50:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/30/2017 08:42:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/30/2017 08:42:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (11/30/2017 08:42:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053 = The service did not respond to the start or control request in a timely fashion." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (11/30/2017 08:35:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/30/2017 08:35:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/30/2017 08:35:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/30/2017 12:25:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Server service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: AMD Sempron™ Processor LE-1300
Percentage of memory in use: 70%
Total physical RAM: 1982.42 MB
Available physical RAM: 591.24 MB
Total Virtual: 3875.72 MB
Available Virtual: 1931.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:60.79 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts

Posted 02 December 2017 - 05:13 PM

Greetings atomicsocks and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at BleepingComputer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.
 

A particular svchost process is using up all the processing power

After running the Fixlist below please identify the PID number of the svchost.exe entry using all the resources.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> DefaultScope {D09E087D-9155-4494-B06E-E21B7FBA18C3} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c}
S3 catchme; \??\C:\DOCUME~1\Erik\LOCALS~1\Temp\catchme.sys
S4 IntelIde; no ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.2\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll 
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll 
cmd: sc query CryptSvc
cmd: tasklist /m /fi "IMAGENAME eq svchost.exe"
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search: box
spoolsv.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • PID number
  • Fixlog
  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

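The fixlist above runs `tasklist /m /fi "IMAGENAME eq svchost.exe"`, whose output wraps each process's module list over many lines. As an added example (not part of the original post, and not FRST's own code), this parser joins the wrapped rows per PID so you can see which svchost instance loads a given service DLL, for example cryptsvc.dll for the CryptSvc service the fixlist also queries; the sample text and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed, abridged sample in the column layout that `tasklist /m` prints.
SAMPLE = """\
Image Name                   PID Modules
========================= ====== =============================================
svchost.exe                 1188 ntdll.dll, kernel32.dll, ADVAPI32.dll,
                                 rpcss.dll, termsrv.dll, comctl32.dll,
                                 comctl32.dll, msi.dll
svchost.exe                 1248 ntdll.dll, kernel32.dll, ADVAPI32.dll,
                                 rpcss.dll, DNSAPI.dll, msi.dll
svchost.exe                 1288 ntdll.dll, kernel32.dll, ADVAPI32.dll,
                                 DNSAPI.dll, cryptsvc.dll, wuauserv.dll,
                                 msi.dll
"""

# A new row starts in column 0 with the image name, then a numeric PID.
# The header and the "=====" separator contain no numeric PID, so they never match.
ROW_START = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<mods>.*)$")


def parse_tasklist_modules(text):
    """Return {pid: {"image": str, "modules": [str, ...]}}, joining wrapped rows."""
    procs = {}
    current = None
    for line in text.splitlines():
        match = ROW_START.match(line)
        if match:
            current = int(match.group("pid"))
            procs[current] = {"image": match.group("image"), "modules": []}
            chunk = match.group("mods")
        elif current is not None and line.strip():
            chunk = line  # indented continuation of the current process
        else:
            continue  # header, separator or blank line
        for name in chunk.split(","):
            name = name.strip()
            # tasklist prints N/A when it cannot read a process's modules
            if name and name.upper() != "N/A":
                procs[current]["modules"].append(name)
    return procs


def pids_loading(procs, module):
    """PIDs whose module list contains `module` (case-insensitive)."""
    wanted = module.lower()
    return sorted(
        pid for pid, info in procs.items()
        if wanted in (m.lower() for m in info["modules"])
    )


def modules_unique_to_each(procs):
    """For each PID, the modules that no other listed process loads.

    These are usually the service DLLs that tell the instances apart; the
    shared runtime DLLs (ntdll.dll, kernel32.dll, ...) drop out.
    """
    counts = Counter()
    per_pid = {}
    for pid, info in procs.items():
        per_pid[pid] = {m.lower() for m in info["modules"]}
        counts.update(per_pid[pid])
    return {
        pid: sorted(m for m in mods if counts[m] == 1)
        for pid, mods in per_pid.items()
    }


if __name__ == "__main__":
    parsed = parse_tasklist_modules(SAMPLE)
    print("cryptsvc.dll loaded by PID(s):", pids_loading(parsed, "cryptsvc.dll"))
    for pid, mods in modules_unique_to_each(parsed).items():
        print(pid, mods)
```

Match the PID reported here against the PID that Task Manager shows at high CPU to narrow the problem to the services hosted in that one instance.
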
#5 atomicsocks

atomicsocks
  • Topic Starter


Posted 03 December 2017 - 12:50 PM

Hiya Gary! I'm the-poor-schlub-who-should-have-bought-a-new-computer-but-was-too-cheap, but you can call me Erik.

Haven't used the P2P stuff in years so I'll probably dump it after dealing with this.
This is a secondhand computer so I don't have the admin password but I think my current profile has admin privileges. Will that work or have I boned myself?

Well, here's hoping.

 

Did the stuff, here's what it said.

Fix result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
Ran by Erik (03-12-2017 12:23:48) Run:2
Running from C:\Documents and Settings\Erik\Desktop
Loaded Profiles: Erik & Administrator (Available Profiles: Erik & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-299502267-1336601894-839522115-1003 -> DefaultScope {D09E087D-9155-4494-B06E-E21B7FBA18C3} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c}
S3 catchme; \??\C:\DOCUME~1\Erik\LOCALS~1\Temp\catchme.sys
S4 IntelIde; no ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe"
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe"
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe"
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.29.2\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe"
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.33.7\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll
CustomCLSID: HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll
cmd: sc query CryptSvc
cmd: tasklist /m /fi "IMAGENAME eq svchost.exe"
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-299502267-1336601894-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} => key not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} => key not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} => key not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} => key not found
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\Lavasoft Kernexplorer => key removed successfully.
Lavasoft Kernexplorer => service removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => key removed successfully.
HKU\S-1-5-21-299502267-1336601894-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully.

========= sc query CryptSvc =========


SERVICE_NAME: CryptSvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0    (0x0)
        SERVICE_EXIT_CODE  : 0    (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

========= End of CMD: =========


========= tasklist /m /fi "IMAGENAME eq svchost.exe" =========


Image Name                   PID Modules                                      
========================= ====== =============================================
svchost.exe                 1188 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,        
                                 rpcss.dll, WS2_32.dll, WS2HELP.dll,          
                                 xpsp2res.dll, CLBCATQ.DLL, COMRes.dll,       
                                 termsrv.dll, ICAAPI.dll, SETUPAPI.dll,       
                                 WINTRUST.dll, CRYPT32.dll, MSASN1.dll,       
                                 IMAGEHLP.dll, AUTHZ.dll, mstlsapi.dll,       
                                 ACTIVEDS.dll, adsldpc.dll, NETAPI32.dll,     
                                 ATL.DLL, REGAPI.dll, rsaenh.dll,             
                                 Apphelp.dll, WTSAPI32.dll, WINSTA.dll,       
                                 msv1_0.dll, cryptdll.dll, iphlpapi.dll,      
                                 msi.dll                                      
svchost.exe                 1248 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 rpcss.dll, WS2_32.dll, WS2HELP.dll,          
                                 xpsp2res.dll, rsaenh.dll, mswsock.dll,       
                                 hnetcfg.dll, wshtcpip.dll, DNSAPI.dll,       
                                 iphlpapi.dll, winrnr.dll, WLDAP32.dll,       
                                 rasadhlp.dll, CLBCATQ.DLL, COMRes.dll,       
                                 msi.dll                                      
svchost.exe                 1288 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,        
                                 xpsp2res.dll, shsvcs.dll, WINSTA.dll,        
                                 NETAPI32.dll, rsaenh.dll, dhcpcsvc.dll,      
                                 DNSAPI.dll, WS2_32.dll, WS2HELP.dll,         
                                 iphlpapi.dll, wzcsvc.dll, rtutils.dll,       
                                 WMI.dll, CRYPT32.dll, MSASN1.dll,            
                                 EapolQec.dll, ATL.DLL, QUtil.dll,            
                                 MSVCP60.dll, dot3api.dll, WTSAPI32.dll,      
                                 ESENT.dll, CLBCATQ.DLL, COMRes.dll,          
                                 rastls.dll, CRYPTUI.dll, WININET.dll,        
                                 Normaliz.dll, urlmon.dll, iertutil.dll,      
                                 WINTRUST.dll, IMAGEHLP.dll, MPRAPI.dll,      
                                 ACTIVEDS.dll, adsldpc.dll, SETUPAPI.dll,     
                                 RASAPI32.dll, rasman.dll, TAPI32.dll,        
                                 SCHANNEL.dll, WinSCard.dll, PSAPI.DLL,       
                                 raschap.dll, msv1_0.dll, cryptdll.dll,       
                                 schedsvc.dll, NTDSAPI.dll, MSIDLE.DLL,       
                                 audiosrv.dll, wkssvc.dll, qmgr.dll, MPR.dll,
                                 SHFOLDER.dll, WINHTTP.dll, mswsock.dll,      
                                 hnetcfg.dll, wshtcpip.dll, netman.dll,       
                                 netshell.dll, credui.dll, dot3dlg.dll,       
                                 OneX.DLL, eappcfg.dll, eappprxy.dll,         
                                 WZCSAPI.DLL, cryptsvc.dll, certcli.dll,      
                                 dmserver.dll, ersvc.dll, es.dll, pchsvc.dll,
                                 srvsvc.dll, hidserv.dll, HID.DLL,            
                                 seclogon.dll, sens.dll, srsvc.dll,           
                                 POWRPROF.dll, browser.dll, wuauserv.dll,     
                                 wmisvc.dll, VSSAPI.DLL, wuaueng.dll,         
                                 WINSPOOL.DRV, Cabinet.dll, mspatcha.dll,     
                                 w32time.dll, trkwks.dll, sfc.dll,            
                                 sfc_os.dll, SXS.DLL, comsvcs.dll,            
                                 colbact.DLL, MTXCLU.DLL, WSOCK32.dll,        
                                 CLUSAPI.DLL, RESUTILS.DLL, Apphelp.dll,      
                                 wups2.dll, ipnathlp.dll, AUTHZ.dll,          
                                 wscsvc.dll, msi.dll, wbemcomn.dll,           
                                 wbemcore.dll, esscli.dll, FastProx.dll,      
                                 tapisrv.dll, rasmans.dll, WINIPSEC.DLL,      
                                 netcfgx.dll, wmiutils.dll, repdrvfs.dll,     
                                 rasadhlp.dll, rastapi.dll, wmiprvsd.dll,     
                                 NCObjAPI.DLL, unimdm.tsp, uniplat.dll,       
                                 wbemess.dll, unimdmat.dll, modemui.dll,      
                                 kmddsp.tsp, ndptsp.tsp, ipconf.tsp,          
                                 h323.tsp, ncprov.dll, hidphone.tsp,          
                                 rasppp.dll, ntlsapi.dll, kerberos.dll,       
                                 RASQEC.DLL, upnp.dll, SSDPAPI.dll,           
                                 msxml3.dll, RASDLG.dll, winrnr.dll,          
                                 dssenh.dll, catsrvut.dll, catsrv.dll,        
                                 MfcSubs.dll, cryptnet.dll, SensApi.dll,      
                                 advpack.dll, mlang.dll, xmlprovi.dll,        
                                 wbemsvc.dll, wbemcons.dll                    
svchost.exe                 1440 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 dnsrslvr.dll, DNSAPI.dll, WS2_32.dll,        
                                 WS2HELP.dll, iphlpapi.dll, rsaenh.dll,       
                                 mswsock.dll, hnetcfg.dll, wshtcpip.dll       
svchost.exe                 1748 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,        
                                 xpsp2res.dll, lmhsvc.dll, iphlpapi.dll,      
                                 WS2_32.dll, WS2HELP.dll, ssdpsrv.dll,        
                                 hnetcfg.dll, CLBCATQ.DLL, COMRes.dll,        
                                 mswsock.dll, wshtcpip.dll                    
svchost.exe                  500 ntdll.dll, kernel32.dll, ADVAPI32.dll,       
                                 RPCRT4.dll, Secur32.dll, ShimEng.dll,        
                                 AcGenral.DLL, USER32.dll, GDI32.dll,         
                                 WINMM.dll, ole32.dll, msvcrt.dll,            
                                 OLEAUT32.dll, MSACM32.dll, VERSION.dll,      
                                 SHELL32.dll, SHLWAPI.dll, USERENV.dll,       
                                 UxTheme.dll, IMM32.DLL, serwvdrv.dll,        
                                 umdmxfrm.dll, comctl32.dll, comctl32.dll,    
                                 NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,        
                                 xpsp2res.dll, webclnt.dll, WININET.dll,      
                                 Normaliz.dll, urlmon.dll, iertutil.dll,      
                                 WS2_32.dll, WS2HELP.dll                      

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 15012 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 363742 B
Java, Flash, Steam htmlcache => 46056 B
Windows/system/dllcache/drivers => 1877047 B
Edge => 0 B
Chrome => 406647 B
Firefox => 274368790 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 128809062 B
LocalService => 178553 B
NetworkService => 369493251 B
Erik => 10241260185 B
Administrator => 49595 B

RecycleBin => 4090498 B
EmptyTemp: => 10.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:27:08 ====



Farbar Recovery Scan Tool (x86) Version: 30-11-2017
Ran by Erik (03-12-2017 12:44:35)
Running from C:\Documents and Settings\Erik\Desktop
Boot Mode: Normal

================== Search Files: "spoolsv.exe" =============

C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2011-12-28 10:03][2008-04-14 05:42] 000057856 ____N (Microsoft Corporation) D8E14A61ACC1D4A6CD0D38AEBAC7FA3B [File is digitally signed]

C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2012-04-11 05:29][2010-08-17 08:17] 000058880 _____ (Microsoft Corporation) 60784F891563FB1B767F70117FC2428F [File is digitally signed]

C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2011-12-28 12:30][2008-04-14 05:42] 000057856 ____C (Microsoft Corporation) D8E14A61ACC1D4A6CD0D38AEBAC7FA3B [File is digitally signed]

C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2011-12-28 10:00][2004-08-04 07:00] 000057856 ____C (Microsoft Corporation) 7435B108B935E42EA92CA94F59C8E717 [File is digitally signed]

C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010-08-17 08:19][2010-08-17 08:19] 000058880 _____ (Microsoft Corporation) 258DD5D4283FD9F9A7166BE9AE45CE73 [File is digitally signed]


====== End of Search ======

 

 

 

Edit: Apparently this helped because my computer is back up to its previous speed. Could it have been that easy?


Edited by atomicsocks, 03 December 2017 - 03:25 PM.
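The "Search Files" output in the post above, parsed as an added example (not part of the original thread and not FRST's own code). It assumes the layout visible in the log, a path line followed by `[created][modified] size attributes (company) MD5 [signature note]`; the function names and the `expected_dir` parameter are hypothetical.

```python
import re
from datetime import datetime

# The five entries from the "Search Files" log posted in the thread.
SEARCH_LOG = r"""
C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2011-12-28 10:03][2008-04-14 05:42] 000057856 ____N (Microsoft Corporation) D8E14A61ACC1D4A6CD0D38AEBAC7FA3B [File is digitally signed]
C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2012-04-11 05:29][2010-08-17 08:17] 000058880 _____ (Microsoft Corporation) 60784F891563FB1B767F70117FC2428F [File is digitally signed]
C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2011-12-28 12:30][2008-04-14 05:42] 000057856 ____C (Microsoft Corporation) D8E14A61ACC1D4A6CD0D38AEBAC7FA3B [File is digitally signed]
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2011-12-28 10:00][2004-08-04 07:00] 000057856 ____C (Microsoft Corporation) 7435B108B935E42EA92CA94F59C8E717 [File is digitally signed]
C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010-08-17 08:19][2010-08-17 08:19] 000058880 _____ (Microsoft Corporation) 258DD5D4283FD9F9A7166BE9AE45CE73 [File is digitally signed]
"""

# Assumed detail-line layout: [created][modified] size attrs (company) MD5 [note]
DETAIL = re.compile(
    r"\[(?P<created>[\d\- :]+)\]\[(?P<modified>[\d\- :]+)\]\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-F]{32})\s*(?P<sig>\[.*\])?")

def parse_search(log):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        m = DETAIL.match(line)
        if m and path:
            e = m.groupdict()
            e.update(path=path, size=int(e["size"]),
                     modified=datetime.strptime(e["modified"], "%Y-%m-%d %H:%M"),
                     signed=e["sig"] == "[File is digitally signed]")
            entries.append(e)
            path = None
        elif re.match(r"[A-Za-z]:\\", line):
            path = line
    return entries

def review(log, expected_dir=r"C:\WINDOWS\system32"):
    """Report whether a copy sits in expected_dir; list signed copies newest first."""
    entries = parse_search(log)
    present = any(e["path"].lower().rsplit("\\", 1)[0] == expected_dir.lower() for e in entries)
    signed = sorted((e for e in entries if e["signed"]), key=lambda e: e["modified"], reverse=True)
    return {"in_expected_dir": present,
            "distinct_md5": len({e["md5"] for e in entries}),
            "candidates": [(e["path"], e["md5"], e["modified"].date().isoformat()) for e in signed]}
```

On the thread's data, `review(SEARCH_LOG)` reports no copy under `C:\WINDOWS\system32` and four distinct hashes across the five copies. By modified date, the `$hf_mig$\KB2347290\SP3QFE` copy sorts first and the `$NtServicePackUninstall$` copy last.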


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:31 PM

Posted 03 December 2017 - 05:11 PM

Hi Erik,

Can you tell me if you have been having difficulty printing from this computer, if you have tried that?

Sorry for the Admin confusion. Windows XP runs as an Admin automatically.

Does back up to speed mean the svchost.exe issue has returned to normal?

Well, maybe easy on your end! :)

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
Replace: C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe C:\windows\system32\spoolsv.exe
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Print?
  • svchost.exe?
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 atomicsocks


Posted 04 December 2017 - 06:07 PM

I've never had this computer hooked up to a printer so I wouldn't know if that works.

By "running at normal speed" I mean it's a tiny bit sluggish now and then but that's probably because this thing is around ten years old.
It got horribly bad for the last few weeks where it would be almost frozen for up to ten minutes at a time.

 

Whatever it is that you gave me seems to have fixed that issue so it's back to only being a tad slow now and then rather than borderline nonfunctional.

So far as I can tell the svchost issue is fixed since none of the ones listed in the task manager are overusing resources.


Fix result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
Ran by Erik (04-12-2017 17:54:33) Run:3
Running from C:\Documents and Settings\Erik\Desktop
Loaded Profiles: Erik (Available Profiles: Erik & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Replace: C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe C:\windows\system32\spoolsv.exe

*****************

"C:\windows\system32\spoolsv.exe" => not found
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe copied successfully to C:\windows\system32\spoolsv.exe

==== End of Fixlog 17:54:33 ====



#8 Oh My!


Posted 04 December 2017 - 06:47 PM

Greetings,

Thank you for explaining.

One of the files necessary to print was missing so we installed it to where it belongs.

Please do this now.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • How is your computer running?

Gary
 

#9 atomicsocks


Posted 06 December 2017 - 04:25 PM

It said no threats found and my computer seems to be fine now.



#10 Oh My!


Posted 06 December 2017 - 04:34 PM

Excellent, looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#11 Oh My!


Posted 07 December 2017 - 09:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



