
Please help unable to install any antivirus [Closed]

antivirus installation

  • This topic is locked

#1
lusilusi

    New Member, 7 posts

Malwarebytes did not solve the problem... I cannot run Safe Mode with Networking... some downloads are stuck on 99 percent... otherwise the computer behaves OK. I can send a diagnostic log...

~ Report of ZHPDiag v2015.6.4.54 - Nicolas Coolman  (5/31/2015)

~ Launched by XXXX (6/20/2015 2:16:18 PM)
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by 
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found
 
 
---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 38.0.5
GCIE: Google Chrome v43.0.2357.124 (Defaut)
 
---\\ Windows product information
~ Langage: Anglais
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
 
---\\ System protection software
Malwarebytes Anti-Malware version 2.1.6.1022
 
---\\ System optimization software
 
---\\ Sharing software PeerToPeer
 
---\\ Surveillance software
Adobe Flash Player 15 ActiveX
Adobe Reader XI
 
---\\ Information on the system
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3325.5 MB (41% free)
System Restore: Activé (Enable)
System drive C: has 704 GB (76%) free of 922 GB
 
---\\ Connection to the system mode
~ Computer Name: XXXX-0EA46F90D0
~ User Name: XXXX
~ All Users Names: XXXX, SUPPORT_388945a0, HelpAssistant, Guest, Administrator, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
 
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\XXXX\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\XXXX\Application Data\
~ %Desktop% : C:\Documents and Settings\XXXX\Desktop\
~ %Favorites% : C:\Documents and Settings\XXXX\Favorites\
~ %LocalAppData% : C:\Documents and Settings\XXXX\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\XXXX\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
 
---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 704 Go of 922 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 377 Go of 941 Go)
G: CD-ROM drive (Free 0 Go of 0 Go)
I: Hard drive, Flash drive, Thumb drive (Free 560 Go of 699 Go)
J: CD-ROM drive (Free 0 Go of 0 Go)
 
 
 
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified  =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified
~ Security Center: 49 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Search Generic System Files
[MD5.2BB75B7F548D82A099125D0C5971DE7D] - (.Microsoft Corporation - Windows Explorer.) (.2/12/2014 - 3:55:48 PM.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.8AF91E4B4C1F5338EBE1548117304296] - (.Microsoft Corporation - Internet Extensions for Win32.) (.3/6/2014 - 7:59:23 PM.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.4A83111AA75D8A26AB0EABC03CFC95E0] - (.Microsoft Corporation - Windows NT Logon Application.) (.2/12/2014 - 3:56:28 PM.) -- C:\WINDOWS\system32\Winlogon.exe [509440]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2/12/2014 - 3:55:42 PM.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.4/13/2008 - 10:10:32 PM.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2/12/2014 - 3:55:44 PM.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.3FCC124B6E08EE0E9351F717DD136939] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.6/16/2010 - 4:59:42 PM.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [138752]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2/12/2014 - 3:55:57 PM.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) (.11/18/2008 - 4:02:08 PM.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.2/12/2014 - 4:00:21 PM.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.9/4/2009 - 3:43:46 PM.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.4/14/2008 - 12:10:28 AM.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes:  Scanned in 00mn AMs
 
 
 
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/245
~ Mes musiques (My Musics) : 1/9
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 2/5585
~ Mon Bureau (My Desktop) : 1/52
~ Menu demarrer (Programs) : 1/86
~ Hidden Files:  Scanned in 02mn AMs
 
 
 
---\\ Process running
[MD5.9D35F4CD788ED5FF8CC22F89317E7C83] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe   [878368] [PID.1016]
[MD5.805310DDD49C3B8F9CA759040F676A5F] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe   [614400] [PID.1104]
[MD5.03CA51525DEA925DB51B2F1727D10D7D] - (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\XXXX\Application Data\uTorrent\uTorrent.exe   [1769824] [PID.332]  =>P2P.BitTorrent
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [43336] [PID.540]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe   [390504] [PID.1480]
[MD5.BEFF149A82F78B648046108EB9D28893] - (.IObit - Product Updater.) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe   [2151200] [PID.304]
[MD5.09B32CA2265397A6FADB3AB34F34CA9A] - (.No owner - MA_CMIDI USB MIDI Installer Service.) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe   [94208] [PID.1576]
[MD5.67785D54BCECA5683607542997AE3A70] - (.Native Instruments GmbH - NIHardwareService.) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe   [4595064] [PID.660]
[MD5.EF9978C1D89C88727DB2AAA75B5104E7] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\WINDOWS\system32\nlssrv32.exe   [71280] [PID.204]
[MD5.F7B2140AE98B068A6F0FD19685570279] - (.Vimicro - Vimicro.) -- C:\WINDOWS\VMSNAP3.exe   [122880] [PID.3796]
[MD5.A08A6D194884DFC35C619F8A5E1FFFBD] - (.No owner - Real-time Protector.) -- C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe   [1120032] [PID.3440]
[MD5.32498E50D40C37E874CB25D9624D7B74] - (...) -- C:\Program Files\Calibre2\calibre.exe   [249856] [PID.2400]
[MD5.4547360EB0D90804B3AD080CE1D1D814] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [813896] [PID.4004]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8214016] [PID.12484]
~ Processes Running:  Scanned in 01mn AMs
 
 
 
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 22 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [XXXX - 8ssyqsaa.default\[email protected]] [] Segurança do navegador Avira v1.4.9 (..)
M2 - MFEP: prefs.js [XXXX - 8ssyqsaa.default\[email protected]] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: Extension [XXXX - 8ssyqsaa.default] [email protected]
M2 - MFEP: Extension [XXXX - 8ssyqsaa.default] [email protected]
M2 - MFEP: Extension [XXXX - 8ssyqsaa.default] [email protected]
M2 - MFEP: Extension [XXXX - 8ssyqsaa.default] [email protected]
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 24 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru
~ IE Browser: 11 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management:  Scanned in 00mn AMs
 
 
 
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn AMs
 
 
 
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File:  Scanned in 00mn AMs
 
 
 
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: ExplorerWnd Helper - [HKLM]{10921475-03CE-4E04-90CE-E2E7EF20C814} . (.IObit - Uninstall for explorer.) -- C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O3 - Toolbar: Яндекс.Бар - [HKLM]{91397D20-1446-11D4-8AF4-0040CA1127B6} . (.ООО «ЯНДЕКС» - Яндекс.Бар для Microsoft Internet Explorer.) -- C:\Program Files\Yandex\YandexBarIE\yndbar.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{91397D20-1446-11D4-8AF4-0040CA1127B6} Orphan key
~ Toolbar:  Scanned in 00mn AMs
 
 
 
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [{8467e01f-0496-42ce-b247-88ef205b4880}] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Documents and Settings\All Users\Application Data\Package Cache\{8467e01f-0496-42ce-b247-88ef205b4880}\Avira.OE.Setup.Bundle.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\XXXX\Application Data\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - HKCU\..\Run: [AdobeBridge] Orphan key
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\.DEFAULT\..\Run: [AviraSpeedup] C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe (.not file.) 
O4 - HKUS\S-1-5-18\..\Run: [AviraSpeedup] C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe (.not file.) 
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] . (.Microsoft Corporation - Microsoft Narrator.) -- C:\WINDOWS\system32\Narrator.exe 
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] . (.Microsoft Corporation - Microsoft Narrator.) -- C:\WINDOWS\system32\Narrator.exe 
O4 - HKUS\S-1-5-21-1177238915-1035525444-682003330-1003\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\XXXX\Application Data\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1177238915-1035525444-682003330-1003\..\Run: [AdobeBridge] Orphan key
O4 - HKUS\S-1-5-21-1177238915-1035525444-682003330-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
~ Application:  Scanned in 00mn AMs
 
 
 
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
~ IE Extra Buttons:  Scanned in 00mn AMs
 
 
 
---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB:  Scanned in 00mn AMs
 
 
 
---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Zone Confiance:  Scanned in 00mn AMs
 
 
 
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{354D136D-1AED-4840-AC9D-9520BD7C409E}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{354D136D-1AED-4840-AC9D-9520BD7C409E}: DhcpDomain = skknet.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{354D136D-1AED-4840-AC9D-9520BD7C409E}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{354D136D-1AED-4840-AC9D-9520BD7C409E}: DhcpDomain = skknet.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{354D136D-1AED-4840-AC9D-9520BD7C409E}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{354D136D-1AED-4840-AC9D-9520BD7C409E}: DhcpDomain = skknet.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
~ Domain:  Scanned in 00mn AMs
 
 
 
---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn AMs
 
 
 
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn AMs
 
 
 
---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO:  Scanned in 00mn AMs
 
 
 
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) . (.No owner - MA_CMIDI USB MIDI Installer Service.) - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
~ Services: 12 Legitimates Filtered in 02mn AMs
 
 
 
---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Task Planned Automatically (039)
O39 - APT:  - (..) -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job   [220]
O39 - APT:  - (..) -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job   [214]
O39 - APT:  - (..) -- C:\WINDOWS\Tasks\shutdown.job   [258]
~ Scheduled Task: 16 Legitimates Filtered in 00mn AMs
 
 
 
---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Installed Component - S-1-5-21-1177238915-1035525444-682003330-1003 - >{X9B49E34-C7CC-11D0-8953-00A0C90347FF} -- Not Hexadécimal CLSID
~ Active Setup: 20 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Software installed (O42)
O42 - Logiciel: Ample Bass P version 1.0.0 - (.Ample Sound Technology Co., Ltd..) [HKLM] -- {9E12DB30-0896-11E4-9191-0800200C9A66}_is1
O42 - Logiciel: Any Wallpaper 1.1.1 - (.AnyUtils.) [HKLM] -- Any Wallpaper_is1
O42 - Logiciel: Aya Audio to MP3/WMA/AAC/MP2/WAV/OGG/M4A/AMR Audio Converter V1 - (.Aya Software.) [HKLM] -- Aya Audio to MP3/WMA/AAC/MP2/WAV/OGG/M4A/AMR Aud~232DB3A3_is1
O42 - Logiciel: Bulgarian (Phonetic) by Iliya Dankov - (.ILIYA DANKOV - www.dankov.hit.bg.) [HKLM] -- {57BA3105-8E44-45BD-BB3A-F0BD5EA0575B}
O42 - Logiciel: CoolEdit Pro - (.EKE58.) [HKLM] -- {0D2A50C4-8DE4-4A47-B6DD-F9F0CE24E269}
O42 - Logiciel: FlexType 2K - (...) [HKLM] -- FlexType 2K
O42 - Logiciel: MorphoX - (...) [HKCU] -- MorphoX
O42 - Logiciel: PSP VintageWarmer2 2.5.2 32bit - (.PSPaudioware.com.) [HKLM] -- PSP VintageWarmer2 2.5.2 32bit
O42 - Logiciel: Perfectly Clear Plugin 1.7.0 - (.Athentech.) [HKLM] -- Perfectly Clear Plugin
O42 - Logiciel: Phonetic Cyrillic for Windows 2000 v1.0 - (.5Group & Co..) [HKLM] -- BGPHO-WIN2K_is1
O42 - Logiciel: REmatrix - (.Overloud.) [HKLM] -- {FA90E0EB-2AF1-44E8-BBA0-7D151516995D}_is1
O42 - Logiciel: Service Installer II - (.Nalpeiron.) [HKLM] -- Service Installer II
O42 - Logiciel: Service Installer II - (.Nalpeiron.) [HKLM] -- {251D3D16-D48D-40E3-9B35-243274D64B78}
O42 - Logiciel: SoulSeek 157 NS 13e - (...) [HKLM] -- Soulseek2  =>P2P.SoulSeek
O42 - Logiciel: Spirit of Revenge - Cursed Castle Collectors Edition - (.LeeGT-Games.) [HKLM] -- Spirit of Revenge - Cursed Castle Collectors Edition
O42 - Logiciel: UmmyVideoDownloader - (...) [HKLM] -- {E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1
O42 - Logiciel: Valve Exciter version 1.1.0 - (.AudioThing.) [HKLM] -- {7AF49065-7792-4BF8-BD39-BC50F2E3AA11}_is1
~ Logic: 40 Legitimates Filtered in 01mn AMs
 
 
 
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ample Sound]
[HKCU\Software\Anbo]
[HKCU\Software\DATECS ltd]
[HKCU\Software\O2D]
[HKCU\Software\PSP-audioware]
[HKCU\Software\Soulseek2]  =>P2P.SoulSeek
[HKCU\Software\Yandex]
[HKLM\Software\DATECS ltd]
~ Key Software: 463 Legitimates Filtered in 01mn AMs
 
 
 
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 6/6/2015 - 12:24:17 PM - [] ----D C:\Program Files\5Group
O43 - CFD: 10/28/2014 - 3:26:56 PM - [] ----D C:\Program Files\Ample Sound
O43 - CFD: 2/12/2015 - 1:31:52 AM - [] ----D C:\Program Files\AnyUtils
O43 - CFD: 10/8/2014 - 10:52:18 PM - [] ----D C:\Program Files\Aya Audio to Audio Converter
O43 - CFD: 6/19/2015 - 11:08:20 PM - [] ----D C:\Program Files\CursorMania
O43 - CFD: 6/15/2015 - 9:30:57 AM - [] ----D C:\Program Files\cyrillic
O43 - CFD: 6/6/2015 - 12:12:43 PM - [] ----D C:\Program Files\Datecs
O43 - CFD: 6/15/2015 - 9:31:06 AM - [] ----D C:\Program Files\Flex_utl
O43 - CFD: 6/19/2015 - 10:59:47 PM - [] ----D C:\Program Files\LeeGT-Games
O43 - CFD: 10/20/2014 - 6:49:19 PM - [] ----D C:\Program Files\Pro-53
O43 - CFD: 6/15/2015 - 9:30:57 AM - [] ----D C:\Program Files\Protype
O43 - CFD: 2/14/2015 - 11:43:41 PM - [] ----D C:\Program Files\RTEQ
O43 - CFD: 3/15/2015 - 10:26:20 AM - [] ----D C:\Program Files\SoulseekNS  =>P2P.SoulSeek
O43 - CFD: 6/15/2015 - 9:31:06 AM - [] ----D C:\Program Files\standart
O43 - CFD: 11/6/2014 - 4:40:24 PM - [] ----D C:\Program Files\Yandex
O43 - CFD: 6/15/2015 - 9:00:43 AM - [] ----D C:\Documents and Settings\All Users\Application Data\ProductData
O43 - CFD: 4/16/2015 - 12:20:03 AM - [] ----D C:\Documents and Settings\All Users\Application Data\Soulseek  =>P2P.SoulSeek
O43 - CFD: 11/6/2014 - 6:23:47 PM - [0] ----D C:\Documents and Settings\All Users\Application Data\SpeedBit
O43 - CFD: 11/6/2014 - 4:40:42 PM - [] ----D C:\Documents and Settings\All Users\Application Data\Yandex
O43 - CFD: 10/28/2014 - 4:39:42 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{3006A797-CDFA-44FC-98EF-155579E2CDBF}
O43 - CFD: 10/28/2014 - 4:48:10 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}
O43 - CFD: 10/5/2014 - 7:30:50 PM - [0] ----D C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 10/28/2014 - 4:49:46 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}
O43 - CFD: 10/28/2014 - 4:59:40 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
O43 - CFD: 10/28/2014 - 4:45:50 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{6495CC1D-C10B-40C5-A92B-241A2B2C8D20}
O43 - CFD: 11/5/2014 - 12:23:21 AM - [] --H-D C:\Documents and Settings\All Users\Application Data\{70E22094-D034-40C3-89F7-AA970A0C0232}
O43 - CFD: 10/28/2014 - 4:45:24 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{9C588B44-42B6-434D-90BD-824BBB1F328A}
O43 - CFD: 10/28/2014 - 4:45:12 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}
O43 - CFD: 10/8/2014 - 11:03:30 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{E8674DB2-4487-4238-A191-4DD8B190B0BC}
O43 - CFD: 10/28/2014 - 4:45:37 PM - [] --H-D C:\Documents and Settings\All Users\Application Data\{F57C376F-E7ED-4527-9EE2-4D50799418BC}
O43 - CFD: 6/6/2015 - 12:24:17 PM - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\5Group
O43 - CFD: 10/28/2014 - 3:26:55 PM - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\Ample Sound
O43 - CFD: 2/12/2015 - 1:31:52 AM - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\AnyUtils
O43 - CFD: 11/5/2014 - 12:23:22 AM - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\Perfectly Clear Plugin
O43 - CFD: 10/11/2014 - 7:54:22 PM - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\PSPaudioware
O43 - CFD: 1/28/2015 - 12:06:12 AM - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\UmmyVideoDownloader
O43 - CFD: 11/6/2014 - 4:40:43 PM - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\Яндекс
O43 - CFD: 10/28/2014 - 3:32:01 PM - [] ----D C:\Documents and Settings\XXXX\Application Data\Ample Sound
O43 - CFD: 6/19/2015 - 8:12:50 PM - [] ----D C:\Documents and Settings\XXXX\Application Data\Graphium
O43 - CFD: 6/19/2015 - 6:28:25 PM - [] ----D C:\Documents and Settings\XXXX\Application Data\MysteryTag
O43 - CFD: 11/6/2014 - 6:17:22 PM - [] ----D C:\Documents and Settings\XXXX\Application Data\SpeedBit
O43 - CFD: 3/15/2015 - 10:28:10 AM - [] ----D C:\Documents and Settings\XXXX\Application Data\Ultra Fractal 5
O43 - CFD: 2/12/2015 - 1:14:24 AM - [0] ----D C:\Documents and Settings\XXXX\Application Data\WebacamSurveyor
O43 - CFD: 11/6/2014 - 4:40:44 PM - [] ----D C:\Documents and Settings\XXXX\Application Data\Yandex
O43 - CFD: 2/12/2015 - 1:31:55 AM - [] ----D C:\Documents and Settings\XXXX\Local Settings\Application Data\AnyUtils
O43 - CFD: 11/19/2014 - 6:38:13 PM - [] ----D C:\Documents and Settings\XXXX\Local Settings\Application Data\HiSuite
O43 - CFD: 4/27/2015 - 12:38:54 AM - [] ----D C:\Documents and Settings\XXXX\Local Settings\Application Data\UmmyVideoDownloader
O43 - CFD: 11/6/2014 - 4:40:48 PM - [] ----D C:\Documents and Settings\XXXX\Local Settings\Application Data\Yandex
O43 - CFD: 6/19/2015 - 6:22:41 PM - [] ----D C:\Documents and Settings\XXXX\Start Menu\Programs\Beyond the Invisible - Evening 1.0
O43 - CFD: 6/19/2015 - 6:06:57 PM - [] ----D C:\Documents and Settings\XXXX\Start Menu\Programs\Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE
~ Program Folder: 366 Legitimates Filtered in 01mn AMs
 
 
 
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.53DC1951A78FDEBFCAD28F6B4F682ACC] - 6/19/2015 - 4:39:35 PM ---A- . (...) -- C:\WINDOWS\system.ini   [309]
O44 - LFC:[MD5.C06353363CE1FAD2128FA88B94CB3165] - 6/19/2015 - 4:39:35 PM ---A- . (...) -- C:\WINDOWS\win.ini   [681]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 6/19/2015 - 7:32:42 PM ---A- . (...) -- C:\WINDOWS\Sti_Trace.log   [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 6/20/2015 - 11:05:23 AM ---A- . (...) -- C:\asc_rdflag   [0]
O44 - LFC:[MD5.F9C4FBBEF52308C5088767B74570FF8B] - 6/20/2015 - 12:40:54 PM ---A- . (...) -- C:\gqlv.exe   [103140]
O44 - LFC:[MD5.7DA0B59442D5DD7CE2A9B0A8125A1252] - 6/20/2015 - 12:47:22 PM ---A- . (...) -- C:\WINDOWS\mlkumidi.log   [19909]
O44 - LFC:[MD5.BA610CE795FC15D834578AF67B845519] - 6/20/2015 - 12:48:01 PM ---A- . (...) -- C:\WINDOWS\wiadebug.log   [159]
O44 - LFC:[MD5.A83AE8DA3C03D508390ABE59F2706DD1] - 6/20/2015 - 12:48:03 PM ---A- . (...) -- C:\WINDOWS\wiaservc.log   [52]
O44 - LFC:[MD5.B1008433D80F720EC10141B88C42B66B] - 6/20/2015 - 9:21:34 AM ---A- . (...) -- C:\JavaRa.log   [412]
O44 - LFC:[MD5.9C26D3FBEDAF383359F7F5550D92A556] - 6/5/2015 - 2:26:01 PM ---A- . (...) -- C:\WINDOWS\OverlayXP.ini   [20]
O44 - LFC:[MD5.0860F429B1A0276EE75FAFAB05FC9CA7] - 6/6/2015 - 11:09:33 AM ---A- . (...) -- C:\WINDOWS\system32\newdll.dll   [45056]
~ Files: 25 Legitimates Filtered in 02mn AMs
 
 
 
---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\SoulseekNS\slsk.exe" [Enabled] .(..) -- C:\Program Files\SoulseekNS\slsk.exe  =>P2P.SoulSeek
O47 - AAKE:Key Export SP - "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [Enabled] .(.Alcohol Soft Development Team.) -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O47 - AAKE:Key Export SP - "C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe" [Enabled] .(..) -- C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
~ Keys Export: 25 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \drivers.desc\"mciqtz32.dll"="mciqtz32.dll" . (...) -- C:\WINDOWS\system32\mciqtz32.dll
~ TDSD: 28 Legitimates Filtered in 00mn AMs
 
 
 
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Praetorian  [Key] . (.ООО «ЯНДЕКС» - Защитник Яндекс.) -- c:\documents and settings\xxxx\local settings\application data\yandex\updater\praetorian.exe
O53 - SMSR:HKLM\...\startupreg\uTorrent  [Key] . (.BitTorrent Inc. - µTorrent.) -- c:\documents and settings\xxxx\application data\utorrent\utorrent.exe  =>P2P.BitTorrent
~ SMSR Keys: 18 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 7 Legitimates Filtered in 00mn AMs
 
 
 
---\\ System Drivers List (SDL) (O58)
O58 - SDL:6/15/2010 - 10:32:04 AM ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\system32\Drivers\ADIHdAud.sys   [339456]
O58 - SDL:2/12/2014 - 3:59:49 PM ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys   [262528]
O58 - SDL:7/26/2011 - 4:26:44 PM ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys   [20032]
O58 - SDL:9/4/2013 - 10:22:02 AM ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) -- C:\WINDOWS\system32\Drivers\eubakup.sys   [52040]
O58 - SDL:9/4/2013 - 10:22:02 AM ---A- . (...) -- C:\WINDOWS\system32\Drivers\EUBKMON.sys   [40776]
O58 - SDL:9/4/2013 - 10:22:02 AM ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) -- C:\WINDOWS\system32\Drivers\eudskacs.sys   [14920]
O58 - SDL:9/4/2013 - 10:22:02 AM ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) -- C:\WINDOWS\system32\Drivers\EuFdDisk.sys   [185800]
O58 - SDL:6/16/2010 - 4:59:42 PM ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys   [138752]
O58 - SDL:8/29/2012 - 12:49:20 PM ---A- . (.MusicLab, Inc. - MusicLab Virtual MIDI Device.) -- C:\WINDOWS\system32\Drivers\mlkumidi.sys   [41536]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys   [17792]
O58 - SDL:10/28/2014 - 2:33:57 PM ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\WINDOWS\system32\Drivers\sptd.sys   [320120]
O58 - SDL:7/20/2011 - 9:46:04 AM ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys   [77624]
O58 - SDL:7/20/2011 - 9:46:04 AM ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys   [181432]
O58 - SDL:10/24/2007 - 9:47:26 AM ---A- . (.SIA Syncrosoft - SynasUSB.sys.) -- C:\WINDOWS\system32\Drivers\synasUSB.sys   [23288]
O58 - SDL:8/16/2006 - 8:24:00 AM ---A- . (.MIDIMAN - USB11LDR.) -- C:\WINDOWS\system32\Drivers\USB11LDR.SYS   [13504]
O58 - SDL:6/10/2014 - 9:50:24 PM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\Drivers\usbaapl.sys   [45056]
O58 - SDL:6/27/2005 - 3:39:28 PM ---A- . (.VM - Video streaming and Capture Device Driver.) -- C:\WINDOWS\system32\Drivers\usbVM31b.sys   [94445]
O58 - SDL:2/12/2014 - 3:59:49 PM ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys   [58112]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9029]
O58 - SDL:10/7/2014 - 9:58:40 PM ---A- . (...) -- C:\WINDOWS\system32\audcon.sys   [2892]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\country.sys   [27097]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\himem.sys   [4768]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\key01.sys   [42809]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys   [42537]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys   [27866]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys   [29146]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys   [29370]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys   [29274]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys   [29146]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio.sys   [33840]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys   [34560]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys   [35648]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys   [35424]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys   [34560]
O58 - SDL:9/30/2013 - 3:26:46 PM ----- . (...) -- C:\WINDOWS\system32\pwdrvio.sys   [15688]
O58 - SDL:9/30/2013 - 3:26:44 PM ----- . (...) -- C:\WINDOWS\system32\pwdspio.sys   [10320]
~ Drivers: 67 Legitimates Filtered in 02mn AMs
 
 
 
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn AMs
 
 
 
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 2/26/1746 - C:\WINDOWS\system32\drivers\slsis.sys (amsint32) .(...) - LEGACY_AMSINT32
O64 - Services: CurCS - 1/8/2007 - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (MA_CMIDI_InstallerService)  .(.No owner - MA_CMIDI USB MIDI Installer Service.) - LEGACY_MA_CMIDI_INSTALLERSERVICE
~ Legacy: 167 Legitimates Filtered in 00mn AMs
 
 
 
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn AMs
 
 
 
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] Moikrug - (Люди на Моем Круге) - http://moikrug.ru
O69 - SBI: SearchScopes [HKCU] Yandex [DefaultScope] - (Яндекс) - http://yandex.ru
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {8F7AB32B-C552-40BD-9D20-D28986BDDC81} - (Google) - http://www.google.com
~ Keys:  Scanned in 00mn AMs
 
 
 
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.AB89B4683F962A630A9146134321EDEB] [SPRF][10/16/2000] (...) -- C:\Program Files\Fdos.com   [7202]
[MD5.1FCA66697340F05A283344CA2FA6C357] [SPRF][10/25/2000] (...) -- C:\Program Files\Flex2K.exe   [206848]
[MD5.10D45E2DC219F7558A35942BE9FF2406] [SPRF][5/19/2002] (...) -- C:\Program Files\FType2K.exe   [180224]
[MD5.02D74363AF9D746D020AF99E922FF446] [SPRF][5/13/2002] (...) -- C:\Program Files\Remove.exe   [131072]
[MD5.F18E0BD7FF53A17207649A34DA91EA2A] [SPRF][10/18/2000] (...) -- C:\Program Files\SetupUtl.exe   [86528]
[MD5.F26BB0994D473245641B256E829CEC0B] [SPRF][11/5/2009] (.Softube - Softube: Tube Delay.) -- C:\Program Files\Tube Delay.dll   [9535488]
~ Files: 6 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{30E7F2A0-EC4C-11ce-8865-00805F742EF6}] (SpeedDial)  =>PUP.SpeedDial
~ BCK: 5687 Legitimates Filtered in 09mn AMs
 
 
 
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 1/5/2012 153448 |  (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Demand 4/14/2008 224768 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 9/26/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 9/26/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 9/26/2014 267760 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 7/8/2014 553288 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 4/14/2015 1871160 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 4/14/2015 1080120 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 6/20/2015 148080 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 12/11/2014 315496 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2/19/2010 517096 |  (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 2/17/2015 5222720 |  (wxpSvc) . (.Moonware Studios.) - C:\Program Files\webcamXP5\wService.exe
SR - | Auto 10/25/2013 878368 |  (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 6/12/2014 43336 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 10/26/2010 614400 |  (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 8/30/2011 390504 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/25/2013 2151200 |  (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 1/8/2007 94208 |  (MA_CMIDI_InstallerService) . (...) - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
SR - | Auto 11/9/2012 4595064 |  (NIHardwareService) . (.Native Instruments GmbH.) - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
SR - | Auto 11/9/2012 71280 |  (nlsX86cc) . (.Nalpeiron Ltd..) - C:\WINDOWS\system32\nlssrv32.exe
~ Services:  Scanned in 10mn AMs
 
 
 
---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:10/28/2014 - 2:33:57 PM ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\WINDOWS\system32\Drivers\sptd.sys   [320120]
~ Emulateurs:  Scanned in 10mn AMs
 
 
 
---\\ Scan Additionnel (O88)
Database Version : 13008 - (5/31/2015)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 2
Fichiers trouvés  (Files found) : 4
 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soulseek2]   =>P2P.SoulSeek^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]   =>P2P.BitTorrent^
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}]   =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}]   =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}]   =>PUP.Whitesmoke
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}]   =>PUP.Babylon
[HKLM\Software\Classes\protector_dll.protectorbho.1]   =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho]   =>PUP.BProtector
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\secman.DLL]   =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91397D20-1446-11D4-8AF4-0040CA1127B6}]   =>Toolbar.YandexFastDial
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91397D20-1446-11D4-8AF4-0040CA1127B6}]   =>Toolbar.YandexFastDial
[HKLM\Software\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}]   =>Toolbar.YandexFastDial
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent   =>P2P.BitTorrent^
C:\Program Files\SoulseekNS   =>P2P.SoulSeek^
C:\Documents and Settings\All Users\Application Data\Soulseek   =>P2P.SoulSeek^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified   =>Hijacker.Application^
C:\Documents and Settings\XXXX\Application Data\uTorrent\uTorrent.exe   =>P2P.BitTorrent^
[HKCU\Software\Soulseek2]   =>P2P.SoulSeek^
[HKCR\CLSID\{30E7F2A0-EC4C-11ce-8865-00805F742EF6}] (SpeedDial)   =>PUP.SpeedDial^
~ Additionnel Scan: 508804 Items scanned in 27mn AMs
 
 
 
---\\ Additional information about modules
~ http://nicolascoolma...anagement-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolma...lorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolma...ar-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://www.nicolascoolman.fr/blog/ =>Toolbar.YandexFastDial
~ MSI: 7 link(s) detected in 00mn AMs
 
 
 
~ 1196 Legitimates filtered by white list
End of the scan (617 lines in 06mn AMs)(0.4)
 



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, we do not use ZHP here, but FRST.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click to run as administrator (XP users: click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
lusilusi


    New Member

  • Topic Starter
  • Member
  • 7 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by XXXX at 2015-06-20 23:34:33
Running from F:\DOWNLOADS
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1177238915-1035525444-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1177238915-1035525444-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1177238915-1035525444-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1177238915-1035525444-682003330-1002 - Limited - Disabled)
XXXX (S-1-5-21-1177238915-1035525444-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\XXXX
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1177238915-1035525444-682003330-1003\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
ACID Pro 7.0 (HKLM\...\{10B39DCD-0325-49FE-BFBC-8EC011CB7CA8}) (Version: 7.0.653 - Sony)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.0.5 - IObit)
Alcohol 120% (HKLM\...\Alcohol 120%) (Version:  - Alcohol Soft Development Team)
Alien Skin Eye Candy 7 (HKLM\...\Alien Skin Eye Candy 7) (Version:  - Alien Skin)
Ample Bass P version 1.0.0 (HKLM\...\{9E12DB30-0896-11E4-9191-0800200C9A66}_is1) (Version: 1.0.0 - Ample Sound Technology Co., Ltd.)
Ample Guitar F version 1.2.6 (HKLM\...\{F0855D86-F7D9-4E24-987C-CD7CEBB61AF1}_is1) (Version: 1.2.6 - Ample Sound Technology Co., Ltd.)
Ample Guitar G version 1.7.0 (HKLM\...\{F0855D86-F7D9-4E24-987C-CD7CEBB61AF2}_is1) (Version: 1.7.0 - Ample Sound Technology Co., Ltd.)
Ample Guitar M version 1.7.0 (HKLM\...\{F0855D86-F7D9-4E24-987C-CD7CEBB61AF4}_is1) (Version: 1.7.0 - Ample Sound Technology Co., Ltd.)
Ample Guitar P version 1.2.6 (HKLM\...\{F0855D86-F7D9-4E24-987C-CD7CEBB61AF3}_is1) (Version: 1.2.6 - Ample Sound Technology Co., Ltd.)
Analog Factory 2.5 (HKLM\...\Analog Factory_is1) (Version:  - Arturia)
Any Wallpaper 1.1.1 (HKLM\...\Any Wallpaper_is1) (Version: 1.1.1 - AnyUtils)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARP2600 V2 2.0 (HKLM\...\ARP2600 V2_is1) (Version:  - Arturia)
AutoEye (HKLM\...\{D4CBB77C-8143-44E9-9506-6DA1925DAA5C}) (Version: 2.00.0000 - Auto FX Software)
Avira (HKLM\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Aya Audio to MP3/WMA/AAC/MP2/WAV/OGG/M4A/AMR Audio Converter V1 (HKLM\...\Aya Audio to MP3/WMA/AAC/MP2/WAV/OGG/M4A/AMR Aud~232DB3A3_is1) (Version: 1.2.7 - Aya Software)
Bass Station 2.1 (HKLM\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Beyond the Invisible - Evening 1.0 (HKLM\...\Beyond the Invisible - Evening 1.0) (Version: 1.0 - Игры на Cat-A-Cat.NET)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brass 2.0.1 (HKLM\...\Brass 2.0.1_is1) (Version:  - Arturia)
Bulgarian (Phonetic) by Iliya Dankov (HKLM\...\{57BA3105-8E44-45BD-BB3A-F0BD5EA0575B}) (Version: 1.0.3.13 - ILIYA DANKOV - www.dankov.hit.bg)
calibre (HKLM\...\{90037203-AAD8-412F-8265-DD54FD4EFD10}) (Version: 0.9.35 - Kovid Goyal)
Camel Audio Cameleon 5000 v1.7 VSTi (HKLM\...\Camel Audio Cameleon 5000 v1.7 VSTi) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version:  - )
CoolEdit Pro (HKLM\...\{0D2A50C4-8DE4-4A47-B6DD-F9F0CE24E269}) (Version: 2.1 - EKE58)
CS-80V2 2.0 (HKLM\...\CS-80V2_is1) (Version:  - Arturia)
Dell System Detect (HKU\S-1-5-21-1177238915-1035525444-682003330-1003\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
DreamSuite Ultimate (HKLM\...\{F29962BA-432D-483F-A008-F5552BE9647B}) (Version: 2.00.0000 - Auto FX Software)
eLicenser Control (HKLM\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Filter Forge 3.006 (HKLM\...\Filter Forge 3_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 1 - Metals 2.009 (HKLM\...\Filter Forge Freepack 1 - Metals_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 2 - Photo Effects 2.009 (HKLM\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 4 - Distortions 2.009 (HKLM\...\Filter Forge Freepack 4 - Distortions_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 6 - Patterns 2.009 (HKLM\...\Filter Forge Freepack 6 - Patterns_is1) (Version:  - Filter Forge, Inc.)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlexType 2K (HKLM\...\FlexType 2K) (Version:  - )
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
Frischluft Lenscare v1.41 и Flair v1.2 (HKLM\...\Frischluft Lenscare v1.41 и Flair v1.2) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
Imagenomic Noiseware 5.0.2 Plug-in (build 5020) (HKLM\...\ImagenomicNoisewarePlugin) (Version:  - )
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Imagenomic Realgrain 2.0 Plug-in (build 2001) (HKLM\...\ImagenomicRealgrainPlugin) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.3 - Intel)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.0.3.1064 - IObit)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
iZotope Nectar 2 Production Suite (HKLM\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.02 - iZotope, Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jupiter-8V2 2.0 (HKLM\...\Jupiter-8V2_is1) (Version:  - Arturia)
K-Lite Mega Codec Pack 7.8.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
M-Audio Series II MIDI (HKLM\...\{379BD39E-F13E-458F-96D8-56BD7F2CC516}) (Version: 4.2.03v4 - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
minimoog V2 2.0 (HKLM\...\minimoog V2_is1) (Version:  - Arturia)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MorphoX (HKU\S-1-5-21-1177238915-1035525444-682003330-1003\...\MorphoX) (Version:  - )
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MusicLab RealLPC (HKLM\...\{38209080-8888-4418-8117-D190FC71BF58}) (Version: 3.0 - MusicLab, Inc.)
MusicLab RealStrat (HKLM\...\{58206080-8888-4418-8117-D190FC71BF58}) (Version: 3.0 - MusicLab, Inc.)
MusicLab Virtual MIDI Driver (HKLM\...\{A30B7FD7-04A1-46e1-ABDF-FD592C113253}) (Version: 2.0.1.0 - MusicLab, Inc.)
Mystery of the Ancients 4. Deadly Cold CE 1.0 (HKLM\...\Mystery of the Ancients 4. Deadly Cold CE 1.0) (Version: 1.0 - Игры на Cat-A-Cat.NET)
Mystical (HKLM\...\{B64A9435-8F83-41DF-891D-D82550A7C431}) (Version: 2.00.0000 - Auto FX Software)
N.I Pro-53 v3.0-OxYGeN (HKLM\...\N.I Pro-53 v3.0-OxYGeN) (Version:  - )
Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Maschine (HKLM\...\Native Instruments Maschine) (Version:  - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM\...\Native Instruments Maschine Controller Driver) (Version:  - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (HKLM\...\Native Instruments Maschine Controller MK2 Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM\...\Native Instruments Maschine Mikro Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (HKLM\...\Native Instruments Maschine Mikro MK2 Driver) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Traktor 2 (HKLM\...\Native Instruments Traktor 2) (Version:  - Native Instruments)
PDF Creator Plus 4.0 (HKLM\...\{49D56762-52DA-4350-9420-97BACA9D7D62}) (Version: 4.0.008 - PEERNET Inc.)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Perfect Effects 3 (HKLM\...\{7C27218C-912B-4B0E-9B6E-E87A6DFD84F7}) (Version: 3.0.2 - onOne Software)
Perfectly Clear Plugin 1.7.0 (HKLM\...\Perfectly Clear Plugin) (Version: 1.7.0 - Athentech)
Phonetic Cyrillic for Windows 2000 v1.0 (HKLM\...\BGPHO-WIN2K_is1) (Version: v1.0 - 5Group & Co.)
Prophet-V2 2.0 (HKLM\...\Prophet-V2_is1) (Version:  - Arturia)
PSP VintageWarmer2 2.5.2 32bit (HKLM\...\PSP VintageWarmer2 2.5.2 32bit) (Version: 2.5.2 32bit - PSPaudioware.com)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM\...\reFX Nexus_is1) (Version:  - )
REmatrix (HKLM\...\{FA90E0EB-2AF1-44E8-BBA0-7D151516995D}_is1) (Version: 1.0.0 - Overloud)
Rob Papen Albino 3 (HKU\S-1-5-21-1177238915-1035525444-682003330-1003\...\Rob Papen Albino 3) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.2.11071_128 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.2.11071_128 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.2.2 - SAMSUNG Electronics Co., Ltd.)
Service Installer II (HKLM\...\Service Installer II) (Version: 1.2 - Nalpeiron)
Service Installer II (Version: 1.2 - Nalpeiron) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Softube Spring Reverb VST RTAS v1.0.4 (HKLM\...\Softube Spring Reverb VST RTAS_is1) (Version:  - )
Softube Tube Delay VST RTAS v1.0.5 (HKLM\...\Softube Tube Delay VST RTAS_is1) (Version:  - )
Sony Vocal Eraser (HKLM\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)
SoulSeek 157 NS 13e (HKLM\...\Soulseek2) (Version:  - )
Spectrasonics Omnisphere Library version 1.0 (HKLM\...\Spectrasonics Omnisphere Library_is1) (Version:  - Copyright © 2008-2011 Spectrasonics)
Spectrasonics Omnisphere VSTi Plug-In version 1.5 (HKLM\...\Spectrasonics Omnisphere VSTi Plug-In_is1) (Version:  - Copyright © 2008-2011 Spectrasonics)
Spirit of Revenge - Cursed Castle Collectors Edition (HKLM\...\Spirit of Revenge - Cursed Castle Collectors Edition) (Version: 1.0.0.2 - LeeGT-Games)
Steinberg Cubase 5 (HKLM\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Hypersonic VSTi DXi v2.0 (HKLM\...\Steinberg Hypersonic VSTi DXi_is1) (Version:  - )
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version:  - )
Syncrosoft License Control (HKLM\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)
The KMPlayer 3.6.0.87 (LAV) (HKLM\...\{ACBA5A14-2D62-4820-8206-D768C74C1E10}_is1) (Version:  - ©7sh3. (Сборка от 01.07.2013))
UmmyVideoDownloader (HKLM\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.3.0.3 - )
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
USB PC Camera (ZC0301PLH) (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
Valve Exciter version 1.1.0 (HKLM\...\{7AF49065-7792-4BF8-BD39-BC50F2E3AA11}_is1) (Version: 1.1.0 - AudioThing)
Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE (HKLM\...\Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE1.1) (Version: 1.1 - Foxy Games)
Vimicro USB PC Camera (VC0305) (HKLM\...\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}) (Version: 1.00.000 - )
Vitamin D Video r5150 (HKLM\...\Vitamin D Video_is1) (Version:  - Vitamin D, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
webcamXP 5 (HKLM\...\wLite) (Version: 5.7.4.0 - Moonware Studios)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Driver Package - AnalogDevices (ADIHdAudAddService) MEDIA  (06/15/2010 5.10.01.7280) (HKLM\...\4CDCB90B2EFB804FE32D2C9FA5B9B962D6F6DBDF) (Version: 06/15/2010 5.10.01.7280 - AnalogDevices)
Windows Driver Package - ATI Technologies Inc. (ati2mtag) Display  (10/26/2010 8.791.0.0000) (HKLM\...\7C00C778C242677415C0193DAD28660598D1A612) (Version: 10/26/2010 8.791.0.0000 - ATI Technologies Inc.)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\45E15243FF229D0F06670A5B262CA9C7887085F6) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (04/01/2004 6.0.0.1013) (HKLM\...\CFCAB4709E52E3AF3F14E0AB9D735787D8588D2E) (Version: 04/01/2004 6.0.0.1013 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\55FC653506E73D0EF241309C7F5E3A6366568BC1) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\B081E57B1455374FB610EEC26F6154A8870B8859) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\0D3177F1E077022671B9E6C22E0EE7CA9A92EDDE) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Samsung Monitor  (03/19/2007 3.0) (HKLM\...\AE87B468E63D63CADCCE2A8EE2E615ED8B2F9809) (Version: 03/19/2007 3.0 - Samsung)
Windows Driver Package - Synaptics (SmbDrv) System  (07/25/2014 16.2.19.14) (HKLM\...\82FC900FCA04F9EBC3BE3E9660B43D4C0D81BC1B) (Version: 07/25/2014 16.2.19.14 - Synaptics)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinRAR 4.00 (32-битова версия) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Witch Hunters 2 Full Moon Ceremony CE 1.0 (HKLM\...\Witch Hunters 2 Full Moon Ceremony CE 1.0) (Version: 1.0 - Cat-A-Cat)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
ZHPDiag 2015 (HKLM\...\ZHPDiag_is1) (Version: 2015 - Nicolas Coolman)
Яндекс.Бар 5.1 для Internet Explorer (HKLM\...\{9B202815-09F6-4D0F-96F8-24A42277B9B8}) (Version: 5.1.3.1239 - Яндекс)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1177238915-1035525444-682003330-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-1035525444-682003330-1003_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe (ООО "Яндекс")
CustomCLSID: HKU\S-1-5-21-1177238915-1035525444-682003330-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-1035525444-682003330-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1177238915-1035525444-682003330-1003_Classes\CLSID\{949CDFC6-2A52-4C27-A0A2-F87EF62D5536}\localserver32 -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Yandex\Updater\praetorian.exe (ООО «ЯНДЕКС»)
CustomCLSID: HKU\S-1-5-21-1177238915-1035525444-682003330-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1177238915-1035525444-682003330-1003_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe (ООО "Яндекс")
 
==================== Restore Points =========================
 
06-06-2015 18:27:01 System Checkpoint
07-06-2015 20:54:24 System Checkpoint
09-06-2015 00:17:19 Software Distribution Service 3.0
11-06-2015 09:06:07 System Checkpoint
12-06-2015 17:58:54 System Checkpoint
13-06-2015 19:30:41 System Checkpoint
14-06-2015 22:17:55 System Checkpoint
16-06-2015 22:16:02 System Checkpoint
17-06-2015 22:37:52 System Checkpoint
19-06-2015 20:52:06 Installed ESET NOD32 Antivirus
19-06-2015 23:18:41 avast! antivirus system restore point
19-06-2015 23:55:22 avast! antivirus system restore point
20-06-2015 10:35:34 Installed Microsoft Fix it 50195
20-06-2015 21:01:30 Restore Operation
20-06-2015 23:00:24 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 14:00 - 2014-10-07 22:11 - 00000764 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-XXXX-0EA46F90D0-XXXX.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1035525444-682003330-1003Core.job => C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1035525444-682003330-1003UA.job => C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\shutdown.job => C:\WINDOWS\system32\shutdown.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-05 19:30 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll
2014-07-03 14:20 - 2014-07-03 14:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 14:19 - 2014-07-03 14:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-07 14:16 - 2007-01-08 16:08 - 00094208 _____ () C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
2008-04-14 14:00 - 2008-04-14 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 14:00 - 2008-04-14 14:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2014-10-05 19:30 - 2013-10-25 12:07 - 01120032 _____ () C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
2014-10-05 19:30 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-10-05 19:30 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-10-05 19:30 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2015-06-11 10:50 - 2015-06-05 21:22 - 15003464 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:474022C7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1177238915-1035525444-682003330-1003\...\dell.com -> dell.com
 
 
There are 4788 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1177238915-1035525444-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "c:\program files\common files\adobe\cs5.5servicemanager\cs5.5servicemanager.exe" -launchedbylogin
MSCONFIG\startupreg: AlcoholAutomount => "c:\program files\alcohol soft\alcohol 120\axautomntsrv.exe" -automount
MSCONFIG\startupreg: Avira Systray => 
MSCONFIG\startupreg: DellSystemDetect => c:\documents and settings\xxxx\local settings\apps\2.0\j49wc1ye.k2c\a4946org.5km\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\dellsystemdetect.exe
MSCONFIG\startupreg: EaseUs Tray => 
MSCONFIG\startupreg: EaseUs Watch => 
MSCONFIG\startupreg: Facebook Update => "c:\documents and settings\xxxx\local settings\application data\facebook\update\facebookupdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
MSCONFIG\startupreg: KiesHelper => c:\program files\samsung\kies\kieshelper.exe /s
MSCONFIG\startupreg: KiesPDLR => c:\program files\samsung\kies\external\firmwareupdate\kiespdlr.exe
MSCONFIG\startupreg: Praetorian => c:\documents and settings\xxxx\local settings\application data\yandex\updater\praetorian.exe
MSCONFIG\startupreg: SoundMAXPnP => c:\program files\analog devices\core\smax4pnp.exe
MSCONFIG\startupreg: SwitchBoard => c:\program files\common files\adobe\switchboard\switchboard.exe
MSCONFIG\startupreg: uTorrent => "c:\documents and settings\xxxx\application data\utorrent\utorrent.exe"  /minimized
MSCONFIG\startupreg: VMSnap3 => c:\windows\vmsnap3.exe
MSCONFIG\startupreg: webcam 7 => 
MSCONFIG\startupreg: wLite => "c:\program files\webcamxp5\wlite.exe" -auto
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [C:\Program Files\SoulseekNS\slsk.exe] => Enabled:SoulSeek
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\XXXX\Application Data\uTorrent\uTorrent.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\webcamXP5\wLite.exe] => Enabled:webcamXP
StandardProfile\AuthorizedApplications: [C:\Program Files\webcamXP5\wService.exe] => Enabled:webcamXP Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\XXXX\Desktop\M\Skype.exe] => Enabled:Skype 
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Explorer.EXE] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\MagicISO\MagicISO.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\CTFMON.EXE] => C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\VMSNAP3.EXE] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe] => Enabled:ipsec
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management 
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/20/2015 01:59:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: XXXX-0EA46F90D0)
Description: Product: Avira -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: Avira.OE.Systray, ,
 
Error: (06/20/2015 09:03:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5634, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (06/20/2015 09:00:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (06/20/2015 08:57:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5634, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (06/19/2015 11:10:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5634, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (06/19/2015 09:45:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (06/19/2015 09:44:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5634, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (06/19/2015 09:10:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: XXXX-0EA46F90D0)
Description: Product: Avira -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: Avira.OE.Systray, ,
 
Error: (06/19/2015 09:02:57 PM) (Source: MsiInstaller) (EventID: 10005) (User: XXXX-0EA46F90D0)
Description: Product: Avira -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: Avira.OE.Systray, ,
 
Error: (06/19/2015 09:02:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: XXXX-0EA46F90D0)
Description: Product: Avira -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: Avira.OE.Systray, ,
 
 
System errors:
=============
Error: (06/20/2015 11:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 11:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 11:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 11:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 11:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 11:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 11:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 11:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 09:01:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error: (06/20/2015 09:01:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
 
Microsoft Office:
=========================
Error: (06/20/2015 01:59:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: XXXX-0EA46F90D0)
Description: Product: Avira -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: Avira.OE.Systray, , (NULL)(NULL)(NULL)(NULL)
 
Error: (06/20/2015 09:03:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.56340.0.0.000000000
 
Error: (06/20/2015 09:00:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d
 
Error: (06/20/2015 08:57:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.56340.0.0.000000000
 
Error: (06/19/2015 11:10:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.56340.0.0.000000000
 
Error: (06/19/2015 09:45:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d
 
Error: (06/19/2015 09:44:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.56340.0.0.000000000
 
Error: (06/19/2015 09:10:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: XXXX-0EA46F90D0)
Description: Product: Avira -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: Avira.OE.Systray, , (NULL)(NULL)(NULL)(NULL)
 
Error: (06/19/2015 09:02:57 PM) (Source: MsiInstaller) (EventID: 10005) (User: XXXX-0EA46F90D0)
Description: Product: Avira -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: Avira.OE.Systray, , (NULL)(NULL)(NULL)(NULL)
 
Error: (06/19/2015 09:02:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: XXXX-0EA46F90D0)
Description: Product: Avira -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: Avira.OE.Systray, , (NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6850 @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 3325.54 MB
Available physical RAM: 1789.57 MB
Total Pagefile: 5209.26 MB
Available Pagefile: 3411.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:922.32 GB) (Free:697.56 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Fixed) (Total:940.7 GB) (Free:364.61 GB) NTFS
Drive g: (HBCD 14.0) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
Drive i: (TOSHIBA EXT) (Fixed) (Total:698.64 GB) (Free:556.89 GB) NTFS
Drive j: (Slax CD) (CDROM) (Total:0.21 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: E1A703CD)
Partition 1: (Active) - (Size=922.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=940.7 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: FAB2E3FE)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4
lusilusi

    New Member

  • Topic Starter
  • Member
  • 7 posts

Hi we do not use ZHP here but FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

 

There we go, the attachments... I will send some cash to the person who helps me solve the issue. A friend of mine did this mess and I am facing the prospect of reinstalling Windows and suffering the loss of many programs and data. Thank you, and I appreciate what you do for me.


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see that you have Avira but it is not properly installed... What error do you get when you try to install an AV?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1177238915-1035525444-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 Avira.OE.ServiceHost; No ImagePath
C:\Documents and Settings\All Users\Application Data\Package Cache\{8467e01f-0496-42ce-b247-88ef205b4880}\Avira.OE.Setup.Bundle.exe
C:\Documents and Settings\HARRYS FLASH\FINDANDMOUNT.EXE
C:\Documents and Settings\HARRYS FLASH\LOGONUI.EXE
C:\Documents and Settings\HARRYS FLASH\MAGICDISC.EXE
C:\Documents and Settings\HARRYS FLASH\MagicISO Maker 5.5 Build 281 (kaldata.com).exe
C:\Documents and Settings\HARRYS FLASH\Rufus.exe
C:\Documents and Settings\HARRYS FLASH\winamp_metadata.dat
C:\Documents and Settings\HARRYS FLASH\YUMI-2.0.1.0.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

#6
lusilusi

    New Member

  • Topic Starter
  • Member
  • 7 posts

 

This is the log... there is no change in the situation so far.


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to download an antivirus to a USB drive using another computer and transfer that to your system?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

