Yahoo Provided Search Is Out Of Date popup


22 replies to this topic

#1 edinnyc1

edinnyc1

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:46 AM

Posted 03 April 2018 - 04:27 AM

I get an annoying popup at all times on this old laptop.  

 

Attached File: malwareerror.JPG (21.88KB)

 

AVG finds something that it can't remove.

 

Attached File: AVG.JPG (35.92KB)

 

Thanks in advance for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by Ed (administrator) on LENOVO-42C241A7 (03-04-2018 05:00:07)
Running from C:\Documents and Settings\Ed\My Documents\Downloads
Loaded Profiles: Ed (Available Profiles: Bill & Ed & Ana & Ed 2 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\WINDOWS\system32\ibmpmsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
( ) C:\Program Files\Lenovo\System Update\SUService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\WINDOWS\system32\TpKmpSvc.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
() C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Lenovo Group Limited) C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.EXE
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
() C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(Utimaco Safeware AG) C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Microsoft Office\Office\OSA.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Diamond Mind, Inc.) C:\dmb11\baseball.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [237568 2006-02-23] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-05-06] (Analog Devices, Inc.)
HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [110592 2006-07-04] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [487424 2005-11-14] (LENOVO)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2006-02-02] (Sonic Solutions)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [AwaySch] => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [69632 2006-08-16] (Lenovo Group Limited)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [409600 2006-08-26] ()
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [110592 2006-08-26] ()
HKLM\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [421888 2006-03-15] (Google Inc.)
HKLM\...\Run: [PDService.exe] => C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe [41472 2006-03-13] (Utimaco Safeware AG)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2341632 2006-07-14] (Lenovo Group Limited)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2079792 2018-03-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-07-13] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [CitrixReceiver] => "C:\Documents and Settings\All Users\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [827232 2018-03-24] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [Binkiland] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Ed\APPLIC~1\Binkiland\UpdateProc\bkup.dat"
Winlogon\Notify\ACNotify: C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2006-08-26] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-09-12] (ATI Technologies Inc.)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll [2018-03-24] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AwayNotify: C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-08-16] (Lenovo Group Limited)
Winlogon\Notify\NavLogon: 
Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll [2006-04-25] (UPEK Inc.)
Winlogon\Notify\tpfnf2: C:\WINDOWS\system32\notifyf2.dll [2005-07-05] ()
Winlogon\Notify\tphotkey: C:\WINDOWS\system32\tphklock.dll [2005-11-30] ()
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-08] (Google Inc.)
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\RunOnce: [Binkiland] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Ed\APPLIC~1\Binkiland\UpdateProc\bkup.dat"
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\Policies\Explorer: [_NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\MountPoints2: {40dc215f-5849-11de-a692-0016cfb27e7b} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\MountPoints2: {68c8ec49-d037-11e5-8744-0016cfe0e705} - F:\Autorun.exe
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\MountPoints2: {6c17a48a-b10c-11de-a710-0016cfb27e7b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\MountPoints2: {8c3e90cf-5a32-11de-a697-0016cfb27e7b} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\MountPoints2: {e2d6370e-54a6-11de-a688-0016cfb27e7b} - E:\LaunchU3.exe
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\MountPoints2: {fe8381c8-7d66-11e4-86bf-0016cfb27e7b} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmarque.scr [20992 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [135168 2009-02-05] (Google)
AppInit_DLLs: ,C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => C:\Program Files\Citrix\ICA Client\RSHook.dll [255936 2011-08-11] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli psqlpwd ACGina
Startup: C:\Documents and Settings\Ed\Start Menu\Programs\Startup\Office Startup.lnk [2009-06-09]
ShortcutTarget: Office Startup.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{70BF148E-3169-4951-92B1-0FA9B650009C}: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://binkiland.com/?f=1&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
URLSearchHook: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://isearch.avg.com/tab?cid={C07CAA34-BE14-4BC7-A0D8-5525579E19F5}&mid=4f8a70d232670ecc3c51339fb3fc97ac-bde837214e0fecef59cbbe18c707454cd751203e&lang=us&ds=AVG&pr=&d=2018-03-24 15:27:44&v=9.0.0.18&sap=nt" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\.DEFAULT -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={C07CAA34-BE14-4BC7-A0D8-5525579E19F5}&mid=4f8a70d232670ecc3c51339fb3fc97ac-bde837214e0fecef59cbbe18c707454cd751203e&lang=us&ds=AVG&pr=&d=2018-03-24 15:27:44&v=9.0.0.18&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Citrix URL-Redirection Helper -> {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} -> C:\Program Files\Citrix\ICA Client\IEInterceptor.dll [2013-10-01] (Citrix Systems, Inc.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll [2011-01-16] (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-02] (Sonic Solutions)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll [2018-03-24] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO: CPwmIEBrowserHelper Object -> {F040E541-A427-4CF7-85D8-75E3E0F476C5} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-07-14] (Lenovo Group Limited)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll [2018-03-24] ()
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1233869512829
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} hxxps://mydesk-hq02.morganstanley.com/prx/000/http/rc.ms.com:8180/mdp/prod/common/htdocs/SPX/2.3.0.10/TerminalSvcsTCS.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {F6A553B1-4B5F-4974-866F-98C1D1EBD3DE} hxxps://mydesk-hq02.morganstanley.com/prx/000/http/rc.ms.com:8180/mdp/prod/common/htdocs/SPX/c2.2.0.11/CPubAppsTCS.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll [2010-07-16] (AVG Technologies CZ, s.r.o.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll [2018-03-24] ()
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default [2018-04-02]
FF Homepage: C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default -> hxxp://www.google.com/
FF Extension: (Youtube mp3|mp4 Downloader) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\@youtube_downloader.xpi [2017-10-15] [Legacy]
FF Extension: (convert2mp3.net YouTube2MP3 Converter) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\info@convert2mp3.net.xpi [2017-07-14] [Legacy]
FF Extension: (YouTube mp3) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\info@youtube-mp3.org.xpi [2017-11-05] [Legacy]
FF Extension: (FrostWire Toolbar) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\toolbar@ask.com [2009-11-15] [Legacy] [not signed]
FF Extension: (Youtube MP3 Podcaster) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2017-04-23] [Legacy]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2017-07-14] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-07] [Legacy]
FF Extension: (YouTube Video Download & Convert) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi [2017-10-15]
FF Extension: (AVG Security Toolbar) - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18 [2018-03-24] [Legacy] [not signed]
FF SearchPlugin: C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\searchplugins\askcom.xml [2009-11-15]
FF SearchPlugin: C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\searchplugins\Binkiland.xml [2015-02-25]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: (AVG Safe Search) - C:\Program Files\AVG\AVG9\Firefox [2018-03-24] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF Extension: (AVG Security Toolbar) - C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011-05-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll [2010-03-22] (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.17 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2010-03-17] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.17 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-03-22] (Veetle Inc)
FF Plugin: @virtools.com/3DviaPlayer -> C:\Program Files\Virtools\3D Life Player\npvirtools.dll [2009-11-14] (Dassault Systèmes)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-07-10]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-30]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-07-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-01-30]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-04-03]
CHR Extension: (No Name) - C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (No Name) - C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-09]
CHR Extension: (No Name) - C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-12]
CHR Extension: (No Name) - C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-09]
CHR Extension: (No Name) - C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (No Name) - C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [49152 2006-08-26] () [File not signed]
R3 ACS; C:\WINDOWS\system32\acs.exe [360533 2006-07-15] (Atheros) [File not signed]
R2 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [167936 2006-08-26] (Lenovo) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-13] (Adobe Systems Incorporated) [File not signed]
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [413696 2006-09-12] (ATI Technologies Inc.) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2018-03-24] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 BthServ; C:\WINDOWS\System32\bthserv.dll [30208 2008-04-14] (Microsoft Corporation) [File not signed]
R2 btwdins; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [266295 2006-05-31] (Broadcom Corporation.) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [73782 2005-11-10] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 IPSSVC; C:\WINDOWS\system32\IPSSVC.EXE [73728 2006-08-16] (Lenovo Group Limited) [File not signed]
R2 Irmon; C:\WINDOWS\System32\irmon.dll [28160 2008-04-14] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51824 2016-01-21] (Microsoft) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 PsaSrv; C:\WINDOWS\system32\PsaSrv.exe [23552 2006-07-11] () [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SUService; c:\program files\lenovo\system update\suservice.exe [15872 2006-07-11] ( ) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [629504 2006-07-14] ()
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TPHDEXLGSVC; C:\WINDOWS\System32\TPHDEXLG.EXE [77824 2005-06-20] (Lenovo.) [File not signed]
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2005-06-07] () [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [723712 2006-07-14] (IBM)
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1974272 2006-07-14] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [950272 2006-07-14] (Lenovo Group Limited) [File not signed]
R2 tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [45056 2006-07-14] () [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [855904 2018-03-24] ()
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27648 2006-08-24] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed]
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation) [File not signed]
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
R3 ADIHdAudAddService; C:\WINDOWS\System32\drivers\ADIHdAud.sys [176128 2006-01-30] (Analog Devices, Inc.) [File not signed]
S4 adpu160m; C:\WINDOWS\system32\DRIVERS\adpu160m.sys [101888 2001-08-17] (Microsoft Corporation) [File not signed]
R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [93824 2006-04-26] (Andrea Electronics Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S4 agp440; C:\WINDOWS\system32\DRIVERS\agp440.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
S4 agpCPQ; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [44928 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Aha154x; C:\WINDOWS\system32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed]
S4 aic78u2; C:\WINDOWS\system32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed]
S4 aic78xx; C:\WINDOWS\system32\DRIVERS\aic78xx.sys [56960 2001-08-17] (Microsoft Corporation) [File not signed]
S4 AliIde; C:\WINDOWS\system32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.) [File not signed]
S4 alim1541; C:\WINDOWS\system32\DRIVERS\alim1541.sys [42752 2008-04-14] (Microsoft Corporation) [File not signed]
S4 amdagp; C:\WINDOWS\system32\DRIVERS\amdagp.sys [43008 2008-04-14] (Advanced Micro Devices, Inc.) [File not signed]
S4 amsint; C:\WINDOWS\system32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed]
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2005-11-08] (IBM Corp.) [File not signed]
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [508672 2006-07-13] (Atheros Communications, Inc.) [File not signed]
S4 asc; C:\WINDOWS\system32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed]
S4 asc3350p; C:\WINDOWS\system32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed]
S4 asc3550; C:\WINDOWS\system32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [1724416 2006-09-12] (ATI Technologies Inc.) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2018-03-24] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2018-03-24] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2018-03-24] (AVG Technologies CZ, s.r.o.)
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 BthEnum; C:\WINDOWS\System32\DRIVERS\BthEnum.sys [17024 2008-04-14] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\WINDOWS\System32\DRIVERS\bthpan.sys [101120 2008-04-14] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\WINDOWS\System32\Drivers\BTHport.sys [272128 2008-06-13] (Microsoft Corporation) [File not signed]
R3 BTHUSB; C:\WINDOWS\System32\Drivers\BTHUSB.sys [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [851434 2006-05-31] (Broadcom Corporation.) [File not signed]
S4 cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cd20xrnt; C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
S4 CmdIde; C:\WINDOWS\system32\DRIVERS\cmdide.sys [6656 2001-08-17] (CMD Technology, Inc.) [File not signed]
R0 Compbatt; C:\WINDOWS\System32\DRIVERS\compbatt.sys [10240 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Cpqarray; C:\WINDOWS\system32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed]
S4 dac2w2k; C:\WINDOWS\system32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed]
S4 dac960nt; C:\WINDOWS\system32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2006-02-02] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-02-02] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2006-02-02] (Sonic Solutions) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dpti2o; C:\WINDOWS\system32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89472 2006-03-01] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-11-18] (Sonic Solutions) [File not signed]
S3 E100B; C:\WINDOWS\System32\DRIVERS\e100b325.sys [117760 2001-08-17] (Intel Corporation) [File not signed]
R3 e1express; C:\WINDOWS\System32\DRIVERS\e1e5132.sys [181760 2006-04-20] (Intel Corporation) [File not signed]
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [5427 2018-04-02] (IBM Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-17] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider) [File not signed]
S4 hpn; C:\WINDOWS\system32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed]
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\hsx_dpv.sys [936448 2005-12-05] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\WINDOWS\System32\DRIVERS\hsxhwazl.sys [192512 2005-12-05] (Conexant Systems, Inc.) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i2omgmt; C:\WINDOWS\system32\Drivers\i2omgmt.sys [8576 2008-04-14] (Microsoft Corporation) [File not signed]
S4 i2omp; C:\WINDOWS\system32\DRIVERS\i2omp.sys [18560 2008-04-14] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 iaStor; C:\WINDOWS\System32\DRIVERS\iaStor.sys [874240 2005-10-11] (Intel Corporation) [File not signed]
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [10112 2005-11-10] (Lenovo.) [File not signed]
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [6016 2006-01-13] () [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ini910u; C:\WINDOWS\system32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed]
S4 IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 irda; C:\WINDOWS\System32\DRIVERS\irda.sys [88192 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
S4 mraid35x; C:\WINDOWS\system32\DRIVERS\mraid35x.sys [17280 2001-08-17] (American Megatrends Inc.) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NSCIRDA; C:\WINDOWS\System32\DRIVERS\nscirda.sys [28672 2008-04-14] (National Semiconductor Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-03] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Pcmcia; C:\WINDOWS\System32\DRIVERS\pcmcia.sys [120192 2008-04-14] (Microsoft Corporation) [File not signed]
S4 perc2; C:\WINDOWS\system32\DRIVERS\perc2.sys [27296 2001-08-17] (Microsoft Corporation) [File not signed]
S4 perc2hib; C:\WINDOWS\system32\DRIVERS\perc2hib.sys [5504 2001-08-17] (Microsoft Corporation) [File not signed]
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-02-05] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PrivateDisk; C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [58368 2006-03-13] (Utimaco Safeware AG) [File not signed]
R2 PROCDD; C:\WINDOWS\System32\DRIVERS\PROCDD.SYS [5120 2006-08-16] (Lenovo Group Limited) [File not signed]
S1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 psadd; C:\WINDOWS\system32\Drivers\psadd.sys [17536 2009-02-05] (Lenovo) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36496 2006-05-04] (Sonic Solutions) [File not signed]
S4 ql1080; C:\WINDOWS\system32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed]
S4 Ql10wnt; C:\WINDOWS\system32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ql12160; C:\WINDOWS\system32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed]
S4 ql1240; C:\WINDOWS\system32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ql1280; C:\WINDOWS\system32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\WINDOWS\System32\DRIVERS\rfcomm.sys [59136 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
R1 ShockMgr; C:\WINDOWS\system32\Drivers\ShockMgr.sys [4736 2005-06-20] (Lenovo.) [File not signed]
R0 Shockprf; C:\WINDOWS\system32\Drivers\Shockprf.sys [88576 2006-03-15] (Lenovo) [File not signed]
S4 sisagp; C:\WINDOWS\system32\DRIVERS\sisagp.sys [40960 2008-04-14] (Silicon Integrated Systems Corporation) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [14848 2006-08-02] (Microsoft Corporation) [File not signed]
R2 smi2; C:\Program Files\SMI2\smi2.sys [3968 2006-07-14] (IBM Corp.) [File not signed]
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [3456 2006-04-25] (UPEK Inc.) [File not signed]
S4 Sparrow; C:\WINDOWS\system32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
S4 symc810; C:\WINDOWS\system32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed]
S4 symc8xx; C:\WINDOWS\system32\DRIVERS\symc8xx.sys [32640 2001-08-17] (LSI Logic) [File not signed]
S4 sym_hi; C:\WINDOWS\system32\DRIVERS\sym_hi.sys [28384 2001-08-17] (LSI Logic) [File not signed]
S4 sym_u3; C:\WINDOWS\system32\DRIVERS\sym_u3.sys [30688 2001-08-17] (LSI Logic) [File not signed]
R3 SynTP; C:\WINDOWS\System32\DRIVERS\SynTP.sys [177664 2006-02-14] (Synaptics, Inc.) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
R3 TcUsb; C:\WINDOWS\System32\Drivers\tcusb.sys [28800 2006-04-25] (UPEK Inc.) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [9343 2006-08-02] () [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
S4 TosIde; C:\WINDOWS\system32\DRIVERS\toside.sys [4992 2001-08-17] (Microsoft Corporation) [File not signed]
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [17699 2005-07-05] (IBM Corporation) [File not signed]
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2006-05-25] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2006-07-20] () [File not signed]
R2 tvtfilter; C:\WINDOWS\system32\drivers\tvtfilter.sys [12544 2006-07-14] (Lenovo) [File not signed]
R3 TVTPktFilter; C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys [17664 2006-07-14] (Lenovo Group Limited) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ultra; C:\WINDOWS\system32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
S4 viaagp; C:\WINDOWS\system32\DRIVERS\viaagp.sys [42240 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ViaIde; C:\WINDOWS\system32\DRIVERS\viaide.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\hsx_cnxt.sys [670208 2005-12-05] (Conexant Systems, Inc.) [File not signed]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [54432 2006-07-08] (Atheros Communications, Inc.) [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [14208 2008-04-14] (Microsoft Corporation) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) [File not signed]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-03 04:58 - 2018-04-03 05:00 - 000000000 ____D C:\FRST
2018-03-24 16:59 - 2018-03-24 16:59 - 000000000 ____D C:\Documents and Settings\Ed\Local Settings\Application Data\CEF
2018-03-24 16:57 - 2018-03-24 16:57 - 000000000 ____D C:\Documents and Settings\Ed\Local Settings\Application Data\Avg
2018-03-24 16:56 - 2018-03-24 16:56 - 000000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2018-03-24 16:56 - 2018-03-24 16:56 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2018-03-24 16:49 - 2018-03-29 06:48 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2018-03-24 16:47 - 2018-03-24 16:56 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2018-03-24 15:28 - 2018-03-24 15:28 - 000000000 ____D C:\Program Files\Common Files\AVG Secure Search
2018-03-24 15:28 - 2018-03-24 15:28 - 000000000 ____D C:\Program Files\AVG Secure Search
2018-03-24 15:28 - 2018-03-24 15:28 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2018-03-24 14:44 - 2018-04-02 19:45 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\{F827CE7B-DC8F-A2C3-B117-872B957F7BB3}
2018-03-21 18:17 - 2018-03-21 18:17 - 000000713 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 13.lnk
2018-03-21 18:17 - 2018-03-21 18:17 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 13
2018-03-13 21:26 - 2018-03-24 23:15 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-03-13 20:19 - 2018-03-13 20:19 - 000000000 ___SD C:\Documents and Settings\Ed\My Documents\My Data Sources
2018-03-04 15:24 - 2018-03-04 15:27 - 000000000 ____D C:\Documents and Settings\Ed\Local Settings\Application Data\{F827CE7B-DC8F-A2C3-B117-872B957F7BB3}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-03 05:05 - 2009-04-10 14:09 - 000000000 ____D C:\Documents and Settings\Ed\Local Settings\Temp
2018-04-03 04:44 - 2015-02-24 04:44 - 000000408 _____ C:\WINDOWS\Tasks\At1.job
2018-04-03 04:37 - 2013-07-02 14:26 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-04-03 04:31 - 2009-06-09 06:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\Avg
2018-04-03 04:26 - 2013-08-30 05:53 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-04-02 22:50 - 2009-02-05 17:39 - 000000000 ____D C:\SWSHARE
2018-04-02 19:45 - 2015-02-25 06:44 - 000000429 _____ C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2018-04-02 18:46 - 2015-09-12 12:57 - 000000000 ____D C:\dmb11
2018-04-02 18:40 - 2009-02-05 17:39 - 000005427 _____ (IBM Corporation) C:\WINDOWS\system32\EGATHDRV.SYS
2018-03-29 06:22 - 2017-12-08 16:38 - 000000000 ____D C:\Program Files\TeamViewer
2018-03-27 07:25 - 2015-04-21 20:27 - 000000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2018-03-24 23:15 - 2006-04-30 03:20 - 000032422 _____ C:\WINDOWS\SchedLgU.Txt
2018-03-24 23:15 - 2006-04-29 20:11 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-24 17:52 - 2015-02-24 04:43 - 000000000 ____D C:\Program Files\WSE_Binkiland
2018-03-24 16:56 - 2009-06-09 05:59 - 000000000 ____D C:\Program Files\AVG
2018-03-24 16:45 - 2006-08-17 04:00 - 000009970 _____ C:\WINDOWS\system32\PROCDB.INI
2018-03-24 16:44 - 2016-02-10 16:38 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2018-03-24 16:44 - 2013-07-02 14:26 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-03-24 16:43 - 2016-02-08 04:26 - 000000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2018-03-24 16:41 - 2006-04-30 03:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-24 16:38 - 2016-01-30 23:58 - 000131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2018-03-24 16:38 - 2009-12-30 20:16 - 000000012 _____ C:\WINDOWS\bthservsdp.dat
2018-03-24 15:25 - 2010-07-16 19:00 - 000012536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgrsstx.dll
2018-03-24 15:25 - 2009-06-09 06:00 - 000243152 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2018-03-24 15:25 - 2009-06-09 06:00 - 000029712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2018-03-24 15:19 - 2009-06-09 06:00 - 000226016 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2018-03-24 14:36 - 2010-05-11 18:04 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2018-03-21 18:03 - 2017-11-04 13:33 - 000000000 ____D C:\Program Files\Trout
2018-03-20 03:31 - 2006-04-29 20:04 - 000695900 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-13 21:26 - 2012-09-26 09:40 - 000804352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-03-13 21:26 - 2011-07-01 21:39 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-03-04 15:24 - 2015-02-24 05:00 - 000000386 _____ C:\Documents and Settings\Ed\Application Data\WB.CFG
2018-03-04 14:54 - 2006-04-30 02:56 - 000002278 _____ C:\WINDOWS\system32\wpa.dbl
 
==================== Files in the root of some directories =======
 
2012-07-01 20:39 - 2012-07-01 20:39 - 000000000 ____C () C:\Program Files\GUM6F.tmp
2009-06-13 16:30 - 2014-12-20 00:17 - 000011674 ____C () C:\Documents and Settings\Ed\Application Data\transfer.log
2015-02-24 05:00 - 2018-03-04 15:24 - 000000386 _____ () C:\Documents and Settings\Ed\Application Data\WB.CFG
2009-10-08 19:52 - 2017-06-12 16:00 - 000009728 ____C () C:\Documents and Settings\Ed\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-14 09:40 - 2015-03-14 09:40 - 000274045 _____ () C:\Documents and Settings\Ed\Local Settings\Application Data\dsi1.dat
2015-03-14 09:40 - 2015-03-14 09:40 - 000161916 _____ () C:\Documents and Settings\Ed\Local Settings\Application Data\dsi2.dat
2009-04-10 14:10 - 2009-04-10 14:10 - 000000125 ____C () C:\Documents and Settings\Ed\Local Settings\Application Data\fusioncache.dat
2009-12-29 00:27 - 2012-08-04 12:50 - 001229508 ____C () C:\Documents and Settings\Ed\Local Settings\Application Data\prvlcl.dat
2011-07-04 20:21 - 2011-07-04 20:21 - 000000000 ____C () C:\Documents and Settings\Ed\Local Settings\Application Data\{F5FAFD4A-4D5E-4579-8440-799017E7EB9E}
2015-02-24 05:02 - 2015-02-24 05:03 - 000003865 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
 
 
Some files in TEMP:
====================
2018-01-25 03:20 - 2018-01-25 03:20 - 000011264 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\cp4f8sac.dll
2015-02-24 05:03 - 2015-02-24 05:03 - 001328472 _____ (DivX, LLC) C:\Documents and Settings\Ed\Local Settings\Temp\divx12ce.exe
2015-02-24 05:03 - 2015-02-24 05:03 - 001328472 _____ (DivX, LLC) C:\Documents and Settings\Ed\Local Settings\Temp\divxb504.exe
2015-02-24 05:03 - 2015-02-24 05:03 - 001328472 _____ (DivX, LLC) C:\Documents and Settings\Ed\Local Settings\Temp\divxbf2f.exe
2017-12-19 06:35 - 2017-12-19 06:35 - 000011264 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\ednd0wz2.dll
2017-07-21 19:57 - 2017-07-21 19:57 - 000011264 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\fv6ogric.dll
2017-12-07 09:09 - 2017-12-07 09:09 - 000000000 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\ht4zqf-j.dll
2015-04-13 12:25 - 2015-04-13 12:25 - 000938408 _____ (Oracle Corporation) C:\Documents and Settings\Ed\Local Settings\Temp\jre-7u79-windows-i586-iftw.exe
2017-03-15 14:11 - 2017-03-15 14:11 - 000739904 _____ (Oracle Corporation) C:\Documents and Settings\Ed\Local Settings\Temp\jre-8u131-windows-au.exe
2017-07-26 16:23 - 2017-07-26 16:23 - 000011264 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\mtoggkek.dll
2017-07-07 23:17 - 2017-07-07 23:17 - 000011264 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\reysgffn.dll
2015-09-19 11:08 - 2015-09-19 11:08 - 000627671 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\{4F4298B2-ABB6-4466-A9CB-4C088D0B0DFC}-GoogleUpdateSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Ed (03-04-2018 05:06:16)
Running from C:\Documents and Settings\Ed\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-02-05 21:51:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1926703586-1828195735-1695045918-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Ana (S-1-5-21-1926703586-1828195735-1695045918-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Ana
ASPNET (S-1-5-21-1926703586-1828195735-1695045918-1003 - Limited - Enabled)
Bill (S-1-5-21-1926703586-1828195735-1695045918-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Bill
Ed (S-1-5-21-1926703586-1828195735-1695045918-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ed
Ed 2 (S-1-5-21-1926703586-1828195735-1695045918-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Ed 2
Guest (S-1-5-21-1926703586-1828195735-1695045918-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1926703586-1828195735-1695045918-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1926703586-1828195735-1695045918-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DVIA player 5.0 (HKLM\...\{4E868D3D-6EEB-4273-926C-2287236B5B79}) (Version: 5.0.0.12 - 3DVIA)
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.5.1.0 - Ask.com) <==== ATTENTION
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.293.1-060913a-036475C-Lenovo - )
ATI HYDRAVISION (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version: 3.25.0006 - )
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG (HKLM\...\AvgZen) (Version: 1.116.3.1052 - AVG Technologies)
AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version:  - AVG Technologies)
AVG Zen (HKLM\...\{3D8C5CBA-DDCF-44CE-AD7D-B0AEF74E989E}) (Version: 1.116.2 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Client Security Solution (HKLM\...\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}) (Version: 7.00.0022.00 - Lenovo Group Limited)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\CopyTrans Suite) (Version: 4.017 - WindSolutions)
Diamond Mind Baseball version 10 (HKLM\...\Diamond Mind Baseball version 10) (Version: 10 - Diamond Mind, Inc.)
Diamond Mind Baseball version 11 (HKLM\...\Diamond Mind Baseball version 11) (Version: 11 - Diamond Mind, Inc.)
Diamond Mind Baseball version 9c (HKLM\...\Diamond Mind Baseball version 9c) (Version: 9c - Diamond Mind, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DMB version 10a patch (HKLM\...\DMB version 10a patch) (Version: 10a - Diamond Mind, Inc.)
doPDF (HKLM\...\{86B4BE12-E8BA-4E53-B2E8-35EC7D04F817}) (Version: 8.5.939 - Softland) Hidden
doPDF 8 (HKLM\...\{d024a5a4-e86a-4e50-b9f7-6c5b4329e8b0}) (Version: 8.5.939 - Softland)
Dora Backpack (HKLM\...\{D859D35F-E947-4F2A-8591-C76A4D116178}) (Version:  - )
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.82 - NCH Software)
FMW 1 (HKLM\...\{A2B92392-DC17-416B-88F6-A6A55E053E32}) (Version: 1.143.3 - AVG Technologies) Hidden
FREE Hi-Q Recorder 1.92 (HKLM\...\FREE Hi-Q Recorder_is1) (Version:  - Rick Roemer, (Roemer Software))
Free Music Zilla (HKLM\...\Free Music Zilla_is1) (Version:  - FreeMusicZilla.com)
FrostWire 4.18.4 (HKLM\...\FrostWire) (Version: 4.18.4.0 - FrostWire, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM\...\{E4A72492-6674-46F4-8322-7FE498B6CD17}) (Version: 4.2006.814.1947 - Google Inc.) Hidden
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 1.04b - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Hooked on Phonics Learn to Read (HKLM\...\HOPDKey) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.311 - InterVideo Inc.)
iPod Copy Master 5 (HKLM\...\iPod Copy Master_is1) (Version:  - iPod Copy Master 6)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.4.2.2295 - Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 2.6.18.0 - Symantec Corporation)
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 1.05 - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{606BC780-101C-41DB-808D-4539BFA0774A}) (Version: 3.1.1.0 - Apple Inc.)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
novaPDF 8 Printer Driver (HKLM\...\{1C7FF15C-2914-4DF6-BE4E-EA3EF7017D2F}) (Version: 8.5.939 - Softland)
novaPDF 8 SDK COM (x86) (HKLM\...\{77341EEE-6919-4640-B3C0-A19944DB6B66}) (Version: 8.5.939 - Softland)
Online Plug-in (HKLM\...\{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Online Plug-in (HKLM\...\{F390D923-76F1-458E-8218-8C0C156CDCFD}) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4240.03 - PC-Doctor, Inc.)
PDFill FREE PDF Editor Basic (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 14.0 - PlotSoft LLC)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Productivity Center Supplement for ThinkPad (HKLM\...\{D728E945-256D-4477-B377-6BBA693714AC}) (Version: 1.02b - )
Real Alternative 2.0.1 (HKLM\...\RealAlt_is1) (Version: 2.0.1 - )
RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Remove Multimedia Center (HKLM\...\Remove Multimedia Center) (Version:  - )
Rescue and Recovery (HKLM\...\{7726CF62-7B45-4E6D-9266-615346816BCA}) (Version: 3.10.0022.00 - Lenovo Group Limited)
Self-service Plug-in (HKLM\...\{47117FCA-0D00-4B6D-9D68-00B763629463}) (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 1.0.2 - Lenovo)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4310 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StreamBuffRe (HKLM\...\StreamBuffRe_is1) (Version:  - Felmachersoft)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
System Migration Assistant (HKLM\...\{9EA84FDD-CCC0-47FD-A993-923165BEA47A}) (Version: 5.10.0043 - Lenovo Group Limited.)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 2.00.0084 - Lenovo)
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.2900 - IBM, Inc.)
ThinkPad Configuration (HKLM\...\{FC081D4D-DF1B-4CF1-B530-027E4118D846}) (Version: 1.54 - )
ThinkPad EasyEject Utility  (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.22a - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 1.17 - )
ThinkPad Keyboard Customizer Utility (HKLM\...\{2111B23F-7FDA-4A41-8309-E5A1663CA296}) (Version: 1.3.42.0 - )
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.39.00.50 - )
ThinkPad PC Card Power Policy (HKLM\...\PCMCIAPW) (Version: 1.02 - ) Hidden
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.33 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.13c - )
ThinkPad Presentation Director (HKLM\...\Presentation Director) (Version: 2.54 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.17.20 - )
ThinkPad UltraNav Wizard (HKLM\...\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}) (Version: 3.05 - )
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) (HKLM\...\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}) (Version: 5.0.100.112 - )
ThinkVantage Access Connections (HKLM\...\{7EB114D8-207F-45AE-BABD-1669715F2630}) (Version: 4.20 - )
ThinkVantage Active Protection System (HKLM\...\{72806716-7088-41B2-8FA6-717A2A164DAB}) (Version: 1.41 - )
ThinkVantage Away Manager (HKLM\...\AwayTask) (Version: 2.0.7.0 - )
ThinkVantage Fingerprint Software 5.5 (HKLM\...\{4526E521-18BC-4C01-8563-5CCE47AAC01C}) (Version: 5.5.0.2918 - UPEK)
ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 1.11 - )
ThinkVantage System Update Toolbar Button for IE (HKLM\...\{DA320635-F48C-4613-8325-D75A933C549E}) (Version: 1.0.0 - Lenovo)
ThinkVantage Technologies Welcome Message (HKLM\...\{1007F41F-7D69-468E-8017-3849A5A973C2}) (Version: 1.14 - ) Hidden
TrackPoint Accessibility Features (HKLM\...\{EA664480-3844-11D5-8C25-444553540000}) (Version: 1.11.0.0 - )
Trout (HKLM\...\Trout_is1) (Version: 1.0.6 - Jody Holmes)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.17 (HKLM\...\Veetle TV) (Version: 0.9.17 - Veetle, Inc)
Videora iPad Converter 6 (HKLM\...\Videora iPad Converter) (Version: 6 - Red Kawa)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wallpapers (HKLM\...\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}) (Version:  - ) Hidden
WavePad Sound Editor (HKLM\...\WavePad) (Version: 7.14 - NCH Software)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WSE_Binkiland (HKLM\...\WSE_Binkiland) (Version:  - WSE_Binkiland) <==== ATTENTION
XP Themes (HKLM\...\{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}) (Version: 1.00.0000 - Lenovo) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\ChromeHTML: ->  <==== ATTENTION
ContextMenuHandlers1: [AVG9 Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\AVG9\avgse.dll [2018-03-24] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVS Video Converter 6] -> {6230EF55-8E71-4F40-861A-DBA282584FF5} => C:\Program Files\AVS4YOU\AVSVideoConverter6\AVSVideoConverterShExt.dll [2009-11-23] (Online Media Technologies Ltd.)
ContextMenuHandlers1: [SGPDMenu] -> {F6A51CCC-6AA6-46ad-B726-97466F0A38BF} => C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdshell.dll [2006-03-13] (Utimaco Safeware AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-02] (Sonic Solutions)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers6: [AVG9 Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\AVG9\avgse.dll [2018-03-24] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [SGPDMenu] -> {F6A51CCC-6AA6-46ad-B726-97466F0A38BF} => C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdshell.dll [2006-03-13] (Utimaco Safeware AG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Ed\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologiesጃ0000
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WavePadSevenDays.job => C:\Program Files\NCH Software\WavePad\wavepad.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of memory in use: 83%
Total physical RAM: 1534.36 MB
Available physical RAM: 257.29 MB
Total Virtual: 3429.72 MB
Available Virtual: 999.15 MB
 
==================== Drives ================================
 
Drive c: (Preload) (Fixed) (Total:88.68 GB) (Free:0.67 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (USB DISK) (Removable) (Total:14.44 GB) (Free:8.13 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 93.2 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=88.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.5 GB) - (Type=12)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: 3FFB5670)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,338 posts
  • ONLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:07:46 AM

Posted 03 April 2018 - 05:31 AM

edinnyc1:

 
 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,338 posts
  • ONLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:07:46 AM

Posted 03 April 2018 - 02:35 PM

edinnyc1:

Thank you for your patience while I analyzed your FRST logs.

I would also like to point out to you that running a computer with Windows XP SP3 is a MAJOR security vulnerability.  This OS has not been supported by Microsoft since 2014.  Please check the links listed below for more information about the computer security issues associated with running Windows XP SP3.

.
 
Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also, you should be aware that some of the tools and scripts that will be used will remove malware detected without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Please uninstall these programs, via the Control Panel. They are considered malware.

  • Ask Toolbar
  • FrostWire 4.18.4
  • WSE_Binkiland

You might also want to consider uninstalling this program: Spybot - Search & Destroy. It is no longer considered to be among the more effective anti-malware software programs. Please see this link for more information.

.

:step2: In going over your logs I noticed that you have StreamTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall StreamTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

:step3: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\RunOnce: [Binkiland] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Ed\APPLIC~1\Binkiland\UpdateProc\bkup.dat"
hosts:
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://binkiland.com/?f=1&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
URLSearchHook: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://isearch.avg.com/tab?cid={C07CAA34-BE14-4BC7-A0D8-5525579E19F5}&mid=4f8a70d232670ecc3c51339fb3fc97ac-bde837214e0fecef59cbbe18c707454cd751203e&lang=us&ds=AVG&pr=&d=2018-03-24 15:27:44&v=9.0.0.18&sap=nt" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\.DEFAULT -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll => No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
FF Extension: (FrostWire Toolbar) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\toolbar@ask.com [2009-11-15] [Legacy] [not signed]
FF SearchPlugin: C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\searchplugins\askcom.xml [2009-11-15]
FF SearchPlugin: C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\searchplugins\Binkiland.xml [2015-02-25]
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
U1 WS2IFSL; no ImagePath
Folder: C:\Documents and Settings\NetworkService\Local Settings\Application Data\{F827CE7B-DC8F-A2C3-B117-872B957F7BB3}
VirusTotal: C:\Documents and Settings\NetworkService\Application Data\WB.CFG;C:\Documents and Settings\Ed\Application Data\WB.CFG;C:\Documents and Settings\Ed\Local Settings\Temp\cp4f8sac.dll
2018-03-24 17:52 - 2015-02-24 04:43 - 000000000 ____D C:\Program Files\WSE_Binkiland
C:\Windows\Tasks\At1.job
2015-09-19 11:08 - 2015-09-19 11:08 - 000627671 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\{4F4298B2-ABB6-4466-A9CB-4C088D0B0DFC}-GoogleUpdateSetup.exe
File: C:\Documents and Settings\Ed\Local Settings\Temp\divx12ce.exe;C:\Documents and Settings\Ed\Local Settings\Temp\ednd0wz2.dll;C:\Documents and Settings\Ed\Local Settings\Temp\mtoggkek.dll
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Ed\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 edinnyc1

edinnyc1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:46 AM

Posted 03 April 2018 - 07:12 PM

Phil,

 

Thank you so much for your help and your quick response to this issue. You can call me Ed.  I have performed all the steps requested.  I received errors when removing Ask Toolbar and Binkiland.  I also removed Spybot - Search & Destroy.  Here is the fixlog:

 

Thanks again!

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Ed (03-04-2018 19:42:35) Run:1
Running from C:\Documents and Settings\Ed\My Documents\Downloads
Loaded Profiles: Ed (Available Profiles: Bill & Ed & Ana & Ed 2 & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\...\RunOnce: [Binkiland] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Ed\APPLIC~1\Binkiland\UpdateProc\bkup.dat"
hosts:
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://binkiland.com/?f=1&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
URLSearchHook: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://isearch.avg.com/tab?cid={C07CAA34-BE14-4BC7-A0D8-5525579E19F5}&mid=4f8a70d232670ecc3c51339fb3fc97ac-bde837214e0fecef59cbbe18c707454cd751203e&lang=us&ds=AVG&pr=&d=2018-03-24 15:27:44&v=9.0.0.18&sap=nt" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\.DEFAULT -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
SearchScopes: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0EtD0EyBtDyDtDyCtB0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0EtByEyD0Azy0FtGzz0C0DyBtGtAyDyE0EtG0A0F0CyDtGyC0B0FtDzztA0ByE0DtBzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzztDyCyEtAtCtGtA0C0A0DtGyE0CtCyDtGzy0Dzz0FtGyEtCyCzz0Dzy0E0A0DtA0E0A2Q&cr=2027746181&ir=
BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll => No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1926703586-1828195735-1695045918-1007 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
FF Extension: (FrostWire Toolbar) - C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\toolbar@ask.com [2009-11-15] [Legacy] [not signed]
FF SearchPlugin: C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\searchplugins\askcom.xml [2009-11-15]
FF SearchPlugin: C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\searchplugins\Binkiland.xml [2015-02-25]
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
U1 WS2IFSL; no ImagePath
Folder: C:\Documents and Settings\NetworkService\Local Settings\Application Data\{F827CE7B-DC8F-A2C3-B117-872B957F7BB3}
VirusTotal: C:\Documents and Settings\NetworkService\Application Data\WB.CFG;C:\Documents and Settings\Ed\Application Data\WB.CFG;C:\Documents and Settings\Ed\Local Settings\Temp\cp4f8sac.dll
2018-03-24 17:52 - 2015-02-24 04:43 - 000000000 ____D C:\Program Files\WSE_Binkiland
C:\Windows\Tasks\At1.job
2015-09-19 11:08 - 2015-09-19 11:08 - 000627671 _____ () C:\Documents and Settings\Ed\Local Settings\Temp\{4F4298B2-ABB6-4466-A9CB-4C088D0B0DFC}-GoogleUpdateSetup.exe
File: C:\Documents and Settings\Ed\Local Settings\Temp\divx12ce.exe;C:\Documents and Settings\Ed\Local Settings\Temp\ednd0wz2.dll;C:\Documents and Settings\Ed\Local Settings\Temp\mtoggkek.dll
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Ed\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Binkiland" => removed successfully.
Hosts restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => removed successfully.
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => not found
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => removed successfully.
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => not found
HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => removed successfully.
HKLM\Software\Classes\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => not found
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => removed successfully.
HKLM\Software\Classes\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => not found
"HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => removed successfully.
HKLM\Software\Classes\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => removed successfully.
"HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => removed successfully.
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}" => removed successfully.
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => not found
"HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => removed successfully.
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => not found
"HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}" => removed successfully.
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => not found
"C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\Extensions\toolbar@ask.com" => not found
C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\searchplugins\askcom.xml => moved successfully
C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\yvx2gxyz.default\searchplugins\Binkiland.xml => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk" => removed successfully.
"HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk" => removed successfully.
"HKLM\System\CurrentControlSet\Services\WS2IFSL" => removed successfully.
WS2IFSL => service removed successfully.
 
========================= Folder: C:\Documents and Settings\NetworkService\Local Settings\Application Data\{F827CE7B-DC8F-A2C3-B117-872B957F7BB3} ========================
 
2018-03-24 14:44 - 2018-04-02 19:44 - 000228308 ____A [279002D62321809A5A94B815295CB93B] () C:\Documents and Settings\NetworkService\Local Settings\Application Data\{F827CE7B-DC8F-A2C3-B117-872B957F7BB3}\setup.log
 
====== End of Folder: ======
 
VirusTotal: C:\Documents and Settings\NetworkService\Application Data\WB.CFG => (3) Error
VirusTotal: C:\Documents and Settings\Ed\Application Data\WB.CFG => (3) Error
VirusTotal: C:\Documents and Settings\Ed\Local Settings\Temp\cp4f8sac.dll => (3) Error
C:\Program Files\WSE_Binkiland => moved successfully
C:\Windows\Tasks\At1.job => moved successfully
C:\Documents and Settings\Ed\Local Settings\Temp\{4F4298B2-ABB6-4466-A9CB-4C088D0B0DFC}-GoogleUpdateSetup.exe => moved successfully
 
========================= File: C:\Documents and Settings\Ed\Local Settings\Temp\divx12ce.exe;C:\Documents and Settings\Ed\Local Settings\Temp\ednd0wz2.dll;C:\Documents and Settings\Ed\Local Settings\Temp\mtoggkek.dll ========================
 
C:\Documents and Settings\Ed\Local Settings\Temp\divx12ce.exe
File is digitally signed
MD5: 9ACB77B475EB763FEA1F46650FF60251
Creation and modification date: 2015-02-24 05:03 - 2015-02-24 05:03
Size: 001328472
Attributes: ----A
Company Name: DivX, LLC
Internal Name: 
Original Name: 
Product: Installer
Description: Main Concept AVC Codec Installer
File Version: 1.3.5.26
Product Version: 
Copyright: Copyright © DivX, Inc. 2014
 
C:\Documents and Settings\Ed\Local Settings\Temp\ednd0wz2.dll
File not signed
MD5: F6DB63A6E97F652D1419D978F2C4D78A
Creation and modification date: 2017-12-19 06:35 - 2017-12-19 06:35
Size: 000011264
Attributes: ----A
Company Name: 
Internal Name: ednd0wz2.dll
Original Name: ednd0wz2.dll
Product: 
Description:  
File Version: 4.1.0.41738
Product Version: 4.1.0.41738
Copyright:  
VirusTotal: 0
 
C:\Documents and Settings\Ed\Local Settings\Temp\mtoggkek.dll
File not signed
MD5: 99D12B8A689B3387E0559562D3E83A5C
Creation and modification date: 2017-07-26 16:23 - 2017-07-26 16:23
Size: 000011264
Attributes: ----A
Company Name: 
Internal Name: mtoggkek.dll
Original Name: mtoggkek.dll
Product: 
Description:  
File Version: 4.1.0.41738
Product Version: 4.1.0.41738
Copyright:  
VirusTotal: 0
 
====== End of File: ======
 
"C:\WINDOWS\Tasks\At1.job" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10169 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 33103 B
Java, Flash, Steam htmlcache => 715266 B
Windows/system/dllcache/drivers => 10492732 B
Edge => 0 B
Chrome => 281019940 B
Firefox => 166706467 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 49659 B
All Users => 0 B
systemprofile => 415265653 B
LocalService => 521 B
NetworkService => 1084141 B
TEMP.ORA => 0 B
rfernandez => 0 B
administrator.ORA => 0 B
Bill => 0 B
Ed => 276957420 B
Ana => 504517 B
Ed 2 => 82427 B
Administrator => 0 B
 
RecycleBin => 2424407 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:52:24 ====
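Added example, not part of Ed's post and not something FRST does itself: the three file-detail blocks above are a textbook case of why "VirusTotal: 0" is not a clean bill on its own. The Python below parses FRST's file-detail format and flags the pattern the two Temp DLLs share: unsigned, dropped in a Temp directory, an 8-character name with an empty version resource, and identical size and file version to each other. The sample input is those three blocks, trimmed; the Temp-directory list, the random-name regex and the "two or more indicators" threshold are this example's own rules of thumb, and the script only says "look closer", not "malicious".

```python
import re
from collections import defaultdict

# Constructed sample: the three file-detail blocks from the FRST fixlog above,
# trimmed to the fields this triage reads.
FRST_FILE_BLOCKS = r"""C:\Documents and Settings\Ed\Local Settings\Temp\divx12ce.exe
File is digitally signed
MD5: 9ACB77B475EB763FEA1F46650FF60251
Size: 001328472
Company Name: DivX, LLC
Product: Installer
Description: Main Concept AVC Codec Installer
File Version: 1.3.5.26

C:\Documents and Settings\Ed\Local Settings\Temp\ednd0wz2.dll
File not signed
MD5: F6DB63A6E97F652D1419D978F2C4D78A
Size: 000011264
Company Name:
Product:
Description:
File Version: 4.1.0.41738
VirusTotal: 0

C:\Documents and Settings\Ed\Local Settings\Temp\mtoggkek.dll
File not signed
MD5: 99D12B8A689B3387E0559562D3E83A5C
Size: 000011264
Company Name:
Product:
Description:
File Version: 4.1.0.41738
VirusTotal: 0
"""

# Assumed rules of thumb for this example, not FRST logic.
TEMP_DIRS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
RANDOM_NAME = re.compile(r"^[a-z0-9]{8}\.(dll|exe)$")
METADATA_FIELDS = ("Company Name", "Product", "Description")


def parse_file_blocks(text):
    """Split FRST file-detail output into one dict per file: path, signed flag, Key: value fields."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"path": lines[0].strip(), "signed": None}
        for line in lines[1:]:
            if line.startswith("File is digitally signed"):
                rec["signed"] = True
            elif line.startswith("File not signed"):
                rec["signed"] = False
            elif ":" in line:
                key, _, value = line.partition(":")
                rec[key.strip()] = value.strip()
        records.append(rec)
    return records


def triage(records):
    """Return {path: [reasons]} for unsigned files that show at least two indicators."""
    # Group by (size, version): a generator that stamps out DLLs from one template
    # leaves identical size and version behind random file names.
    clusters = defaultdict(list)
    for rec in records:
        clusters[(rec.get("Size"), rec.get("File Version"))].append(rec["path"])

    findings = {}
    for rec in records:
        path = rec["path"]
        name = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if rec["signed"] is False:
            reasons.append("unsigned")
        if any(t in path.lower() for t in TEMP_DIRS):
            reasons.append("lives in a Temp directory")
        # divx12ce.exe also has an 8-character name, but it carries vendor metadata,
        # so the name alone is not enough; the empty version resource is the tell.
        if RANDOM_NAME.match(name) and not any(rec.get(k) for k in METADATA_FIELDS):
            reasons.append("random-looking 8-character name with an empty version resource")
        siblings = clusters[(rec.get("Size"), rec.get("File Version"))]
        if len(siblings) > 1:
            reasons.append(f"identical size and file version to {len(siblings) - 1} other file(s)")
        if rec.get("VirusTotal") == "0" and len(reasons) >= 2:
            reasons.append("0 VirusTotal detections, which does not clear a file with the indicators above")
        # A signed installer left in Temp is ordinary residue; only unsigned files with
        # two or more indicators are reported.
        if rec["signed"] is False and len(reasons) >= 2:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_file_blocks(FRST_FILE_BLOCKS)).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Run as-is it reports only the two DLLs; the signed DivX installer in the same Temp folder is left alone, which is the distinction the metadata check is there to make.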


#5 garioch7
    RCMP Veteran
  • Malware Response Instructor
  • 3,338 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 04 April 2018 - 12:27 PM

Ed:
 
Thank you for permission to address you by your first name.  Thank you also for running the FRST "fixlist" script and posting the results.  That looks like we have made a good start! :thumbup2:
 
I would now like to run some standard anti-malware scans to detect any residual malware that was not detected by the FRST scan.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

:step3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 edinnyc1
  • Topic Starter
  • Members
  • 10 posts

Posted 05 April 2018 - 07:07 AM

Phil,

 

Thanks again.  I have run 2 of the 3 above (did not have time for #3) and here are the logs:  I will try to do #3 this weekend.

 

ESET:

 

C:\Documents and Settings\Ed\Application Data\Binkiland\UpdateProc\bkup.dat VBS/Kryptik.DY trojan cleaned by deleting
C:\Documents and Settings\Ed\Application Data\Binkiland\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.AI potentially unwanted application cleaned by deleting
C:\Documents and Settings\Ed\My Documents\Downloads\Your File Is Ready To Download_3226211819.exe Win32/InstallCore.Gen.A potentially unwanted application cleaned by deleting
 
 
MalwareBytes:
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/5/18
Scan Time: 5:07 AM
Log File: c8acf44a-38b0-11e8-9444-0016cfe0e705.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4624
License: Trial
 
-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: LENOVO-42C241A7\Ed
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 276543
Threats Detected: 32
Threats Quarantined: 32
Time Elapsed: 1 hr, 23 min, 55 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 11
PUP.Optional.InstallCore, HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\InstallCore, Quarantined, [386], [239563],1.0.4624
PUP.Optional.Binkiland, HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\wse_binkiland, Quarantined, [252], [235814],1.0.4624
Backdoor.Bot, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}, Quarantined, [774], [164724],1.0.4624
Backdoor.Bot, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{494E6CEC-7483-A4EE-0938-895519A84BC7}, Quarantined, [774], [164731],1.0.4624
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, Quarantined, [2], [306571],1.0.4624
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, Quarantined, [2], [306571],1.0.4624
PUP.Optional.ASK, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [2], [306571],1.0.4624
PUP.Optional.ASK, HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [2], [306571],1.0.4624
PUP.Optional.ASK, HKU\S-1-5-21-1926703586-1828195735-1695045918-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [2], [306571],1.0.4624
Backdoor.Bot, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{19127AD2-394B-70F5-C650-B97867BAA1F7}, Quarantined, [774], [164706],1.0.4624
PUP.Optional.Binkiland, HKLM\SOFTWARE\CLASSES\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}, Quarantined, [252], [167702],1.0.4624
 
Registry Value: 3
PUP.Optional.Binkiland, HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|BINKILAND, Quarantined, [252], [235818],1.0.4624
PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, Quarantined, [252], [235824],1.0.4624
PUP.Optional.WinBing.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|BINKILAND, Quarantined, [7312], [390923],1.0.4624
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 4
PUP.Optional.Binkiland, C:\Documents and Settings\Ed\Application Data\Binkiland\UpdateProc, Quarantined, [252], [175635],1.0.4624
PUP.Optional.Binkiland, C:\DOCUMENTS AND SETTINGS\ED\APPLICATION DATA\Binkiland, Quarantined, [252], [175635],1.0.4624
PUP.Optional.SetSearchSettings, C:\DOCUMENTS AND SETTINGS\ANA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8UHH7PTP.DEFAULT\EXTENSIONS\{E48EB377-9675-4F2B-BE40-B8BA3E0D933C}, Quarantined, [1853], [179528],1.0.4624
Trojan.StolenData, C:\WINDOWS\SYSTEM32\LOWSEC, Quarantined, [3631], [181006],1.0.4624
 
File: 14
PUP.Optional.Binkiland, C:\Documents and Settings\Ed\Application Data\Binkiland\UpdateProc\config.dat, Quarantined, [252], [175635],1.0.4624
PUP.Optional.Binkiland, C:\Documents and Settings\Ed\Application Data\Binkiland\UpdateProc\info.dat, Quarantined, [252], [175635],1.0.4624
PUP.Optional.Binkiland, C:\Documents and Settings\Ed\Application Data\Binkiland\UpdateProc\STTL.DAT, Quarantined, [252], [175635],1.0.4624
PUP.Optional.Binkiland, C:\Documents and Settings\Ed\Application Data\Binkiland\UpdateProc\TTL.DAT, Quarantined, [252], [175635],1.0.4624
PUP.Optional.Binkiland, C:\DOCUMENTS AND SETTINGS\ANA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8UHH7PTP.DEFAULT\SEARCHPLUGINS\Binkiland.xml, Quarantined, [252], [235805],1.0.4624
PUP.Optional.SetSearchSettings, C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\8uhh7ptp.default\extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c}\bootstrap.js, Quarantined, [1853], [179528],1.0.4624
PUP.Optional.SetSearchSettings, C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\8uhh7ptp.default\extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c}\install.rdf, Quarantined, [1853], [179528],1.0.4624
PUP.Optional.SetSearchSettings, C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\8uhh7ptp.default\extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c}\search.json, Quarantined, [1853], [179528],1.0.4624
PUP.Optional.Binkiland, C:\DOCUMENTS AND SETTINGS\ANA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8UHH7PTP.DEFAULT\PREFS.JS, Replaced, [252], [303080],1.0.4624
PUP.Optional.ASK, C:\DOCUMENTS AND SETTINGS\ED\MY DOCUMENTS\DOWNLOADS\FROSTWIRE-4.18.4.WINDOWS.EXE, Quarantined, [2], [383618],1.0.4624
PUP.Optional.ClientConnect, C:\PROGRAM FILES\PCDR5\IPC.DLL, Quarantined, [10895], [265395],1.0.4624
PUP.Optional.Binkiland, C:\DOCUMENTS AND SETTINGS\ED\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [252], [455060],1.0.4624
PUP.Optional.Binkiland, C:\DOCUMENTS AND SETTINGS\ED\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [252], [455060],1.0.4624
PUP.Optional.Binkiland, C:\DOCUMENTS AND SETTINGS\ED\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [252], [455060],1.0.4624
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
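Added example, not from Ed's post and not Malwarebytes code: before reading 32 detection lines, a reviewer wants two things from a log like the one above, and this Python script produces both. It reads the -Scan Options- block (this log reports Rootkits: Disabled, which is worth confirming with the user), and it separates PUP/PUM entries from malware-class entries, resolving the HKU hive of each registry hit to the account it belongs to. The sample is an excerpt of the log above. S-1-5-18, -19 and -20 are the standard well-known SIDs for LocalSystem, LocalService and NetworkService, and "RID 1000 and above is a created account" is standard Windows convention; treating every family not prefixed PUP. or PUM. as malware-class is this example's own split.

```python
import re
from collections import Counter

# Constructed sample: an excerpt of the Malwarebytes log posted above.
MB_LOG = r"""-Scan Options-
Memory: Enabled
Rootkits: Disabled
PUP: Detect
PUM: Detect

-Scan Details-
Registry Key: 6
PUP.Optional.InstallCore, HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\SOFTWARE\InstallCore, Quarantined, [386], [239563],1.0.4624
Backdoor.Bot, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}, Quarantined, [774], [164724],1.0.4624
Backdoor.Bot, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{494E6CEC-7483-A4EE-0938-895519A84BC7}, Quarantined, [774], [164731],1.0.4624
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, Quarantined, [2], [306571],1.0.4624
PUP.Optional.ASK, HKU\S-1-5-21-1926703586-1828195735-1695045918-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [2], [306571],1.0.4624
Backdoor.Bot, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{19127AD2-394B-70F5-C650-B97867BAA1F7}, Quarantined, [774], [164706],1.0.4624

Folder: 2
PUP.Optional.Binkiland, C:\DOCUMENTS AND SETTINGS\ED\APPLICATION DATA\Binkiland, Quarantined, [252], [175635],1.0.4624
Trojan.StolenData, C:\WINDOWS\SYSTEM32\LOWSEC, Quarantined, [3631], [181006],1.0.4624

File: 1
PUP.Optional.ClientConnect, C:\PROGRAM FILES\PCDR5\IPC.DLL, Quarantined, [10895], [265395],1.0.4624
"""

SECTION = re.compile(
    r"^(?P<kind>Process|Module|Registry Key|Registry Value|Registry Data|Data Stream|"
    r"Folder|File|Physical Sector): \d+$"
)
DETECTION = re.compile(
    r"^(?P<family>[^,]+), (?P<path>.+), (?P<action>[A-Za-z ]+), \[\d+\], \[\d+\],\S+$"
)
HKU_SID = re.compile(r"^HKU\\(S-1-5-[\d-]+)", re.IGNORECASE)
WELL_KNOWN_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}


def principal_for(path):
    """Map a detection path to the security principal whose hive (or disk) it sits in."""
    m = HKU_SID.match(path)
    if not m:
        return "machine-wide (HKLM)" if path.upper().startswith("HKLM") else "file system"
    sid = m.group(1)
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    rid = int(sid.rsplit("-", 1)[1])
    # RIDs below 1000 are built-in (500 Administrator, 501 Guest); 1000 and up are created accounts.
    return f"built-in account RID {rid}" if rid < 1000 else f"user account RID {rid}"


def summarize(log_text):
    """Parse scan options and detections; split PUP/PUM noise from malware-class hits."""
    options, detections, in_options, kind = {}, [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("-") and line.endswith("-") and len(line) > 2:
            in_options = line == "-Scan Options-"
            continue
        if in_options and ":" in line:
            key, _, value = line.partition(":")
            options[key.strip()] = value.strip()
            continue
        sec = SECTION.match(line)
        if sec:
            kind = sec.group("kind")
            continue
        det = DETECTION.match(line)
        if det and kind:
            detections.append({"kind": kind, "family": det["family"], "path": det["path"],
                               "action": det["action"], "principal": principal_for(det["path"])})
    # Assumed split for this example: Malwarebytes prefixes unwanted-but-not-malicious
    # items with PUP./PUM.; everything else is treated as malware-class.
    malware = [d for d in detections if not d["family"].startswith(("PUP.", "PUM."))]
    return {
        "rootkits_enabled": options.get("Rootkits") == "Enabled",
        "total": len(detections),
        "pup_or_pum": len(detections) - len(malware),
        "malware": malware,
        "families": Counter(d["family"] for d in detections),
        "by_principal": Counter(d["principal"] for d in detections),
    }


if __name__ == "__main__":
    s = summarize(MB_LOG)
    print("rootkit scan enabled:", s["rootkits_enabled"])
    print(s["pup_or_pum"], "PUP/PUM items,", len(s["malware"]), "malware-class items")
    for d in s["malware"]:
        print(f"  {d['family']:<20} {d['principal']:<24} {d['path']}")
```

On the excerpt, the three Backdoor.Bot keys all resolve to the LocalSystem hive and the Trojan.StolenData hit is a folder under system32, which puts them in a different category from the browser-toolbar PUP entries under the two user RIDs.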


#7 garioch7
    RCMP Veteran
  • Malware Response Instructor
  • 3,338 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 05 April 2018 - 01:06 PM

Ed:
 
Thank you for the results of the ESET and Malwarebytes scans.
 
I want to confirm with you that you did indeed enable the Malwarebytes "Scan for rootkits" setting, as I requested.  The reason that I ask this is because the scan log shows it is disabled.  That said, there is a bug in Malwarebytes that shows "Scan for rootkits" as disabled in the scan log, even though "Scan for rootkits" was enabled! :blush:
 
If you did not enable "Scan for rootkits", please re-run the Malwarebytes scan with that setting enabled.  If you did have it enabled, then just let me know and we will chalk it up to the "bug."
 
:step1: I will await the AdwCleaner scan/clean log.
 
.
 
:step2: Also, this weekend, would you be kind enough to also run an SFC scan for me?  I saw some Software Protection Platform errors in your FRST scan logs.

Please run a System File Checker (SFC) scan to assess the integrity of the Windows file system.

  • Click on the "Start" button.
  • In the "search" box at the bottom, type cmd.
  • Look for Cmd.exe to appear at the top of the menu.
  • Right-click on cmd.exe and choose Run As Administrator.
  • Type sfc /scannow. Ensure that there is a space between "sfc" and "/scannow"
  • The scan will start and may take from 20 minutes to an hour to run.
  • Please report the results from the SFC scan in your next post. Does it report "No Resource Integrity Violations Found", "Errors Repaired", or "Unable to Repair", or words to that effect?
  • If the SFC scan reports that some errors were corrected, and some errors were not corrected, please re-run the System File Checker scan again, as it does happen that it cannot fix all of the errors detected in a single run.
  • If it again reports that some errors were corrected, and some errors were not corrected, please run it a third time.

If SFC continues to report uncorrectable errors, please immediately navigate to the folder: C:\Windows\Logs\CBS, locate the file "CBS.log", and copy, not move it, to your Desktop. That file is "volatile", so we need to ensure that it is not overwritten with new results.
If SFC reports that "No Resource Integrity Violations Found"; or, if SFC reports that it did correct all of the errors it detected, then there is no need to save the "CBS.log" file or to take any other action. You should just report the scan results message to me.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#8 edinnyc1
  • Topic Starter
  • Members
  • 10 posts

Posted 05 April 2018 - 10:21 PM

Hi Phil,

 

The version of AdwCleaner did not work on this computer.  I used Google and found version 6.044 which did work.  I will post the scan log below.  I have not gotten a clean log because while it was cleaning, I got the blue screen.  I did it again and had the same result.   Here is the first scan log:

 

Please let me know if I should continue with the other steps you outline.

 

Thanks again,

Ed

 

# AdwCleaner v6.044 - Logfile created 05/04/2018 at 22:36:39
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Ed - LENOVO-42C241A7
# Running from : C:\Documents and Settings\Ed\My Documents\Downloads\adwcleaner_6.044.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Program Files\AVG Secure Search
Folder Found:  C:\Program Files\Common Files\AVG Secure Search
Folder Found:  C:\Documents and Settings\Ed\Local Settings\Application Data\Geckofx
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  HKLM\SOFTWARE\Classes\Search.BrowserWndAPI
Key Found:  HKLM\SOFTWARE\Classes\Search.BrowserWndAPI.1
Key Found:  HKLM\SOFTWARE\Classes\Search.PugiObj
Key Found:  HKLM\SOFTWARE\Classes\Search.PugiObj.1
Key Found:  HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found:  HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Found:  HKU\.DEFAULT\Software\AVG Secure Search
Key Found:  HKU\.DEFAULT\Software\AVG Security Toolbar
Key Found:  HKU\.DEFAULT\Software\IGearSettings
Key Found:  HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\AVG Secure Search
Key Found:  HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\AVG Security Toolbar
Key Found:  HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Headlight
Key Found:  HKU\S-1-5-18\Software\AVG Secure Search
Key Found:  HKU\S-1-5-18\Software\AVG Security Toolbar
Key Found:  HKU\S-1-5-18\Software\IGearSettings
Key Found:  HKCU\Software\AVG Secure Search
Key Found:  HKCU\Software\AVG Security Toolbar
Key Found:  HKCU\Software\Headlight
Key Found:  HKLM\SOFTWARE\AVG Secure Search
Key Found:  HKLM\SOFTWARE\AVG Security Toolbar
Key Found:  HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found:  HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found:  HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found:  HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
Key Found:  HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [7384 Bytes] - [05/04/2018 20:00:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [7079 Bytes] - [05/04/2018 22:36:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7152 Bytes] ##########
 

 

 


And yes, I did enable the Rootkit check on Malwarebytes.

 

Regards,

Ed
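Added example, not from Ed's post and not AdwCleaner code: the Clean step blue-screened twice on this machine, so here is a Python script that turns the "Key Found" / "Value Found" lines of a scan log like the one above into a reviewable .reg file that deletes exactly those keys and values and nothing else. It expands AdwCleaner's abbreviated hives to the names regedit expects, de-duplicates repeated lines (the Avg@toolbar value is listed three times), and can pin HKCU to a specific HKEY_USERS SID so the file acts on the scanned account rather than on whoever happens to import it. The sample is an excerpt of the log above; the SID used for Ed's account is an assumption, taken from the ...-1007 hive that carries the same keys as HKCU in the scan. Read the output before importing it.

```python
import re

HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKU": "HKEY_USERS",
    "HKCR": "HKEY_CLASSES_ROOT",
}
KEY_LINE = re.compile(r"^Key Found:\s+(?P<key>\S.*?)\s*$")
VALUE_LINE = re.compile(r"^Value Found:\s+(?P<key>.+?)\s+\[(?P<name>.*)\]\s*$")

# Constructed sample: an excerpt of the AdwCleaner scan log posted above.
ADW_LOG = r"""***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Found:  HKU\.DEFAULT\Software\AVG Secure Search
Key Found:  HKU\S-1-5-21-1926703586-1828195735-1695045918-1007\Software\AVG Secure Search
Key Found:  HKCU\Software\AVG Secure Search
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
"""

# Assumption for the example: the scan ran as Ed, and the ...-1007 hive carries the
# same keys as HKCU in the log, so that SID is taken to be Ed's.
ED_SID = "S-1-5-21-1926703586-1828195735-1695045918-1007"


def expand(key, current_user_sid=None):
    """Replace AdwCleaner's abbreviated hive with the full name regedit expects."""
    hive, _, rest = key.partition("\\")
    hive = hive.upper()
    if hive == "HKCU" and current_user_sid:
        # Pin HKCU to the scanned account; otherwise the .reg acts on whoever imports it.
        return f"HKEY_USERS\\{current_user_sid}\\{rest}"
    if hive not in HIVES:
        raise ValueError(f"unknown hive in {key!r}")
    return f"{HIVES[hive]}\\{rest}"


def reg_quote(name):
    """Quote a value name the way .reg files require (backslash and quote escaped)."""
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_removal_reg(log_text, current_user_sid=None):
    """Produce .reg text that deletes every key and value the scan log lists, once each."""
    keys, values = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = VALUE_LINE.match(line)
        if m:
            key = expand(m["key"], current_user_sid)
            names = values.setdefault(key, [])
            if m["name"] not in names:
                names.append(m["name"])
            continue
        m = KEY_LINE.match(line)
        if m:
            key = expand(m["key"], current_user_sid)
            if key not in keys:
                keys.append(key)

    out = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        out += [f"[-{key}]", ""]          # leading '-' deletes the whole key
    for key, names in values.items():
        if key in keys:
            continue  # a [key] section would recreate a key deleted above
        out.append(f"[{key}]")
        out += [f"{reg_quote(n)}=-" for n in names]   # "name"=- deletes one value
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    reg_text = build_removal_reg(ADW_LOG, current_user_sid=ED_SID)
    print(reg_text)
    # regedit writes version 5.00 files as UTF-16; match that when saving.
    with open("adwcleaner_removal.reg", "w", encoding="utf-16") as fh:
        fh.write(reg_text)
```

With the SID pinned, the HKCU and HKU\...-1007 copies of the AVG Secure Search key collapse into one deletion, and the Run value vProt and the Toolbar CLSID value come out as "name"=- lines under their parent keys. Importing with `regedit /s adwcleaner_removal.reg` applies it silently, so review the text first; deleting a key or value that no longer exists is harmless.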



#9 garioch7
    RCMP Veteran
  • Malware Response Instructor
  • 3,338 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 06 April 2018 - 12:15 PM

Ed:
 
Thank you for your post.

.
 
:step1: Please run a System File Checker scan, as I requested in Step :step2: of this post.
 
.
 
:step2: You could try another older version of AdwCleaner, if your computer passes the System File Checker scan.  Older versions are available for download at this link.
 
.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#10 garioch7
    RCMP Veteran
  • Malware Response Instructor
  • 3,338 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 09 April 2018 - 12:25 PM

Ed:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#11 edinnyc1
  • Topic Starter
  • Members
  • 10 posts

Posted 09 April 2018 - 07:34 PM

Hi Phil,

 

I am still here and will take the next steps tonight if possible.  I use this laptop mostly Monday through Thursday.

 

Ed



#12 garioch7
    RCMP Veteran
  • Malware Response Instructor
  • 3,338 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 10 April 2018 - 05:24 AM

Ed:

 

Thank you for your post.  I am glad that you are still with me! :thumbup2:

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#13 edinnyc1
  • Topic Starter
  • Members
  • 10 posts

Posted 11 April 2018 - 10:26 PM

Hi Phil,

 

I tried both the System File Checker scan and AdwCleaner, and neither worked as expected.

 

I ran System File checker.  It did a check but then disappeared and I did not find a log file anywhere.  I tried it again and the same thing happened.

 

With AdwCleaner, I scanned and it found a lot of things to correct.  I hit Clean and at some point while cleaning it also closed on its own.  I opened it back up and there is also no cleaning log.

 

Thanks,

Ed



#14 garioch7
    RCMP Veteran
  • Malware Response Instructor
  • 3,338 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 12 April 2018 - 06:53 AM

Ed:

 

Thank you for your post.  The news is not good! :(

 

Your Operating System (Windows XP) has not been supported by Microsoft for over four years now: see this link.  You could try posting for assistance in our Windows XP Forum.  I have not personally used Windows XP in many a year because of the enormous security vulnerabilities with an OS that is not being patched, and hasn't been patched for four years and counting ...

 

I did find this link with instructions as to how to run the System File Checker scan in Windows XP.

 

You could try downloading and running Windows Repair All-In-One by Tweaking.com.  I have the Pro version installed on both of my computers, though I seldom have occasion to use it.  You should work through all of the steps, exactly as specified.  They also have a very good Help Forum that I visit every day.  Moderator Tom Boggin will look after you if you have questions or any problems arise.  I can tell you that the program has saved more than a few computers from the scrap yard.

 

Please let me know how you make out.  Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#15 edinnyc1
  • Topic Starter
  • Members
  • 10 posts

Posted 13 April 2018 - 09:56 AM

Phil, 

 

Thank you for your help.  The popup that was bothering me is gone so thanks so much for that.  I will be sure to do my financial transactions elsewhere and will try the utilities you suggest above.  

 

Thanks so much,

Ed





