Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01 Ran by david (administrator) on STOOBZ-E197E62A on 29-04-2015 23:33:38 Running from C:\Documents and Settings\david\My Documents\Downloads Loaded Profiles: david (Available profiles: david) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe () C:\Program Files\Rapoo\RpWireless\LedStatus.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe () C:\WINDOWS\system32\PSIService.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (SPEEDbit) C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe (SpeedBit Ltd.) C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe () C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-18] (AVAST Software) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-30] (RealNetworks, Inc.) 
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-12-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [LedStatus] => C:\Program Files\Rapoo\RpWireless\LedStatus.exe [1709736 2013-01-05] () HKLM\...\Run: [Launch] => C:\Program Files\Rapoo\RpWireless\Launch.exe [414008 2014-05-20] () HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) HKLM\...\Run: [oxido] => C:\Documents and Settings\david\Local Settings\Application Data\oxido\oxido.exe [375262 2015-04-29] () HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION HKU\S-1-5-21-1220945662-1644491937-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682656 2015-03-25] (Skype Technologies S.A.) HKU\S-1-5-21-1220945662-1644491937-839522115-1003\...\Run: [uTorrent] => C:\Documents and Settings\david\Application Data\uTorrent\uTorrent.exe [1699920 2015-04-28] (BitTorrent Inc.) HKU\S-1-5-21-1220945662-1644491937-839522115-1003\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit) HKU\S-1-5-21-1220945662-1644491937-839522115-1003\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [1517296 2014-12-19] (SPEEDbit) HKU\S-1-5-21-1220945662-1644491937-839522115-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6718744 2015-03-25] (SUPERAntiSpyware) HKU\S-1-5-21-1220945662-1644491937-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation) IFEO\BTHelpBrowser.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 8\AutoReactivator.exe IFEO\BTHelpNotifier.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 8\AutoReactivator.exe IFEO\unBTBDH.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 8\AutoReactivator.exe Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-01-13] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll 
[2014-11-26] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\david\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\david\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\david\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\david\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) BootExecute: autocheck autochk * aswBoot.exe /M:536353b6c /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1220945662-1644491937-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKU\S-1-5-21-1220945662-1644491937-839522115-1003 -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms} SearchScopes: HKU\S-1-5-21-1220945662-1644491937-839522115-1003 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms} SearchScopes: HKU\S-1-5-21-1220945662-1644491937-839522115-1003 -> {5C55B054-7132-440D-9FF3-D52C243BE404} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByDzy0DyE0A0CyB0F0AtCtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCtB0EtAtCtCyBtGyCzy0EyDtGyDyE0FtDtGtBtD0BtAtGtCtD0A0Ezy0E0A0DyB0DyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzyzy0Azy0F0A0AtG0CzytD0EtGyEtDtCyEtGzy0C0CzytGyC0C0AtDyE0EtBtCyEyB0EyB2Q&cr=1426630756&ir= BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-12-15] (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-15] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-26] (AVAST Software) BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation) Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-12-15] (IObit) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [174832 2014-12-19] (SPEEDbit) Winsock: Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [174832 2014-12-19] (SPEEDbit) Winsock: Catalog9 08 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [174832 2014-12-19] (SPEEDbit) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\david\Application Data\Mozilla\Firefox\Profiles\14f9zvre.default-1430298229953 FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1217157.dll No File FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent) FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-30] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-30] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1220945662-1644491937-839522115-1003: @acestream.net/acestreamplugin,version=3.0.8 -> C:\Documents and Settings\david\Application Data\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-11] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-30] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-23] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03] Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://www.google.co.uk/" CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\internal-nacl-plugin No File CHR 
Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll () CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Ace Stream P2P Multimedia Plug-in) - C:\Documents and Settings\david\Application Data\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Motive Plug-in) - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) CHR Plugin: (Motive Management Plug-in) - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Deployment Toolkit 7.0.720.14) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U72) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.) 
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll No File CHR Profile: C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07] CHR Extension: (Google Drive) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07] CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-06-28] CHR Extension: (YouTube) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07] CHR Extension: (Google Search) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07] CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19] CHR Extension: (Google Wallet) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07] CHR Extension: (Gmail) - C:\Documents and Settings\david\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application 
Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com) R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-26] (AVAST Software) S4 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed] S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe [13720 2014-01-07] (Citrix Online, a division of Citrix Systems, Inc.) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-15] (Oracle Corporation) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [277744 2014-12-19] (SpeedBit Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-12-16] (Creative) R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11832 2015-01-27] (Advanced Micro Devices Inc.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-26] () R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-11-26] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software) R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-04-18] (ALWIL Software) R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2014-11-26] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-26] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-26] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-04-18] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-04-18] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-26] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-26] () S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] () R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-27] (REALiX(tm)) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-12-16] (Creative Technology Ltd.) S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit) S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) S4 IntelIde; No ImagePath S3 MREMPR5; No ImagePath S3 MRENDIS5; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) S3 WinRing0_1_2_0; No ImagePath U3 aswMBR; \??\C:\DOCUME~1\david\LOCALS~1\Temp\aswMBR.sys [X] ========================== Drivers MD5 =======================
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01 C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290 C:\WINDOWS\System32\DRIVERS\tap0901.sys 432D9D823C4C26B6070C41BAD4404CE4 C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397 C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61 C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9 C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31 C:\WINDOWS\System32\Drivers\usbaapl.sys EC1C23779BB41A8B2AB2AA6FCE308BDE C:\WINDOWS\System32\drivers\usbaudio.sys 65898A183FBF1D1F7759D5CCB364DCD4 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C C:\WINDOWS\System32\DRIVERS\usbohci.sys 0DAECCE65366EA32B162F85F07C6753B C:\WINDOWS\System32\DRIVERS\usbscan.sys F8EDE2B6928970DCE3D5614C27D9E7F6 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9 C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1 C:\WINDOWS\system32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025 C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6 C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8 ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-29 23:32 - 2015-04-29 23:34 - 00000000 ____D () C:\FRST
2015-04-29 23:31 - 2015-04-29 23:31 - 00002173 _____ () C:\Documents and Settings\david\My Documents\aswMBR.txt
2015-04-29 23:31 - 2015-04-29 23:31 - 00000512 _____ () C:\Documents and Settings\david\My Documents\MBR.dat
2015-04-29 22:46 - 2015-04-29 22:47 - 00003822 _____ () C:\Documents and Settings\david\Desktop\Rkill.txt
2015-04-29 22:24 - 2015-04-29 22:24 - 00006096 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-04-29 20:07 - 2015-04-29 23:34 - 00000000 ____D () C:\Documents and Settings\david\Local Settings\Application Data\oxido
2015-04-29 17:10 - 2015-04-29 17:24 - 00000000 ____D () C:\Program Files\Driver Tool
2015-04-29 08:30 - 2015-04-29 22:34 - 00000237 _____ () C:\WINDOWS\wiadebug.log
2015-04-29 08:30 - 2015-04-29 22:34 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-29 08:30 - 2015-04-29 22:31 - 00018236 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-29 08:30 - 2015-04-29 08:30 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-04-26 12:14 - 2015-04-26 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-25 14:19 - 2015-04-25 14:19 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042515-01.dmp
2015-04-24 12:13 - 2015-04-24 12:13 - 00000000 ____D () C:\Documents and Settings\david\Application Data\SUPERAntiSpyware.com
2015-04-24 12:12 - 2015-04-29 10:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-24 12:12 - 2015-04-24 12:12 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-24 12:12 - 2015-04-24 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-04-24 12:12 - 2015-04-24 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-04-24 10:49 - 2015-04-24 10:49 - 00000000 ___HD () C:\WINDOWS\PIF
2015-04-23 21:46 - 2015-04-25 14:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 11:58 - 2015-04-22 11:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042215-01.dmp
2015-04-20 21:31 - 2015-04-20 21:31 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-04-19 20:58 - 2015-04-19 20:58 - 00026027 _____ () C:\Documents and Settings\david\Desktop\bookmarks-2015-04-19.json
2015-04-18 23:00 - 2015-04-18 23:00 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\AVAST Software
2015-04-18 22:45 - 2015-04-18 22:45 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-04-18 22:39 - 2014-11-26 20:15 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-04-18 22:28 - 2015-04-18 22:28 - 00000000 ____D () C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts
2015-04-18 22:19 - 2015-04-18 22:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-04-18 22:18 - 2015-04-18 22:19 - 00000000 ____D () C:\Program Files\QuickTime
2015-04-18 22:17 - 2015-04-26 12:15 - 00000000 ____D () C:\Program Files\iTunes
2015-04-18 22:17 - 2015-04-26 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2015-04-18 22:17 - 2015-04-26 12:14 - 00000000 ____D () C:\Program Files\iPod
2015-04-18 18:37 - 2015-04-18 18:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041815-01.dmp
2015-04-15 21:10 - 2015-04-18 22:17 - 00000000 ____D () C:\Program Files\iTunes(2)
2015-04-15 21:10 - 2015-04-18 22:17 - 00000000 ____D () C:\Program Files\iPod(2)
2015-04-15 21:10 - 2015-04-18 22:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB(2)
2015-04-13 13:46 - 2015-04-18 22:18 - 00000000 ____D () C:\Program Files\QuickTime(2)
2015-04-12 00:56 - 2015-04-29 23:19 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-03 18:24 - 2015-04-03 18:24 - 00000000 ____D () C:\Documents and Settings\david\Local Settings\Application Data\Geckofx
2015-04-03 18:19 - 2015-04-03 18:19 - 00000051 _____ () C:\Documents and Settings\david\My Documents\CGhostUpdate.log
2015-04-03 13:46 - 2015-04-03 18:13 - 00000000 ____D () C:\Program Files\CyberGhost VPN
2015-03-30 22:38 - 2015-03-30 22:38 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 23:36 - 2014-01-08 18:55 - 00000000 ____D () C:\Documents and Settings\david\Application Data\Skype
2015-04-29 23:35 - 2014-01-07 22:47 - 00000000 ____D () C:\Documents and Settings\david\Local Settings\Temp
2015-04-29 23:11 - 2015-01-19 20:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-29 23:00 - 2014-01-07 23:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 22:41 - 2014-01-23 10:45 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-29 22:38 - 2014-01-08 23:14 - 00000000 ____D () C:\Documents and Settings\david\Application Data\uTorrent
2015-04-29 22:35 - 2014-01-07 22:40 - 02075950 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-29 22:34 - 2014-01-07 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-29 22:31 - 2014-01-07 22:47 - 00000278 ___SH () C:\Documents and Settings\david\ntuser.ini
2015-04-29 22:31 - 2014-01-07 22:47 - 00000000 ____D () C:\Documents and Settings\david
2015-04-29 22:22 - 2014-02-20 19:08 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-29 21:17 - 2014-03-08 21:51 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-04-29 21:15 - 2014-01-07 22:39 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-04-29 21:14 - 2014-02-20 18:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-04-29 20:08 - 2014-01-08 23:49 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-04-29 10:04 - 2015-03-05 15:06 - 00000000 ____D () C:\Documents and Settings\david\Desktop\Old Firefox Data
2015-04-29 10:03 - 2014-02-20 18:57 - 31105024 _____ () C:\WINDOWS\system32\config\software.iobit
2015-04-29 10:03 - 2014-02-20 18:57 - 00720896 _____ () C:\WINDOWS\system32\config\default.iobit
2015-04-29 10:03 - 2014-02-20 18:57 - 00065536 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-04-29 10:03 - 2014-02-20 18:57 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-04-29 10:03 - 2014-01-07 22:45 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-29 10:03 - 2014-01-07 22:45 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-29 10:00 - 2014-01-07 23:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 08:30 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-28 23:07 - 2014-01-07 22:45 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-04-27 23:17 - 2014-04-30 19:46 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1220945662-1644491937-839522115-1003.job
2015-04-26 16:34 - 2014-07-10 23:59 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 12:15 - 2015-02-24 14:36 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2015-04-25 14:19 - 2015-03-02 21:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-25 14:19 - 2014-01-12 10:25 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-25 11:08 - 2015-03-02 21:17 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-25 11:08 - 2015-03-02 21:17 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-04-24 19:02 - 2014-01-22 16:03 - 00000000 ____D () C:\Documents and Settings\david\Application Data\vlc
2015-04-24 10:53 - 2014-07-10 23:58 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-19 21:34 - 2015-01-05 15:20 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-19 21:34 - 2015-01-05 15:20 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-19 21:34 - 2014-01-08 11:17 - 00000000 ____D () C:\Documents and Settings\david\Local Settings\Application Data\Adobe
2015-04-18 23:02 - 2014-12-15 10:42 - 00001822 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk
2015-04-18 23:01 - 2014-01-07 22:38 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-18 22:45 - 2014-11-26 20:16 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-04-18 22:45 - 2014-11-26 20:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-18 22:44 - 2014-01-23 10:44 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-04-18 22:44 - 2014-01-23 10:44 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-04-18 22:40 - 2014-01-08 18:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-04-18 22:29 - 2015-03-14 10:34 - 00000664 _____ () C:\Documents and Settings\david\Local Settings\Application Data\d3d9caps.dat
2015-04-18 22:17 - 2014-01-08 23:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-13 21:08 - 2014-02-22 11:38 - 00000000 ____D () C:\Documents and Settings\david\My Documents\My Digital Editions
2015-04-12 16:34 - 2014-01-07 22:15 - 00000000 ____D () C:\WINDOWS\Help
2015-04-03 09:05 - 2014-01-07 23:03 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-03-31 19:06 - 2014-01-22 20:36 - 00020480 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-30 23:17 - 2014-04-30 19:46 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1220945662-1644491937-839522115-1003.job

==================== Files in the root of some directories =======

2015-03-14 10:34 - 2015-04-18 22:29 - 0000664 _____ () C:\Documents and Settings\david\Local Settings\Application Data\d3d9caps.dat
2014-01-22 20:36 - 2015-03-31 19:06 - 0020480 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\david\Local Settings\Temp\DriverTool.exe
C:\Documents and Settings\david\Local Settings\Temp\vlc-2.2.1-win32.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================